diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..9f7269f --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,45 @@ +# Security Policy + +## Supported Versions + +Only the latest version is supported. Explanatory diagram: + +| Version | Supported | +| ------------ | ------------------ | +| 1.0.0 | :white_check_mark: | +| Older | :x: | + +## Reporting a Vulnerability + +To report a vulnerability, please follow these steps: + +1. **Email**: Send an email to [info@plaenker.com](mailto:info@plaenker.com) with all the details regarding the vulnerability. +2. **Subject**: Use "[Booklooker Vulnerability Report]" as the subject line to help me prioritize and identify your report. +3. **Vulnerability Details**: Please provide a clear and detailed description of the vulnerability, along with the potential impact it may have. +4. **Reproducibility**: If possible, include step-by-step instructions to reproduce the vulnerability. +5. **Versions Affected**: Specify which versions of the project are affected by the vulnerability. +6. **Your Contact**: Include your name, email address, and any other contact information you wish to share. + +## Response and Resolution + +Once I receive the vulnerability report, I will acknowledge its receipt within 72 hours. I will conduct an initial review to validate the vulnerability and determine its severity. + +If the vulnerability is accepted: + +- **Fixing Process**: I will prioritize developing a patch for the vulnerability. +- **Release Timeline**: The patch will be included in the next available release within a reasonable timeframe. Please note that the release cycle might vary, but I will prioritize security fixes. +- **Credit**: If you desire, I will acknowledge your contribution and give you credit for responsibly reporting the vulnerability. + +If the vulnerability is declined: + +- **Reasoning**: I will provide a reason for the rejection and explain why the reported issue does not qualify as a security vulnerability. 
+ +## Security Updates + +To ensure the security of Booklooker, it is crucial that all users update to the latest supported version promptly. Users of older versions that are no longer supported are strongly recommended to upgrade to a supported version to stay protected against potential security threats. + +Thank you for helping me make Booklooker more secure. Your cooperation and responsible disclosure are essential to maintaining the integrity and trustworthiness of this project. + +Please note that this security policy is subject to change over time, so it is advisable to check this document periodically for any updates. + +Last Updated: August 14, 2023.
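Review bot: In "Reporting a Vulnerability", step 1 asks reporters to send "all the details regarding the vulnerability" to info@plaenker.com, and the policy offers no confidential channel. Consider publishing a PGP key or naming a private reporting mechanism, so that reproduction steps do not have to travel as unencrypted email to a general-purpose inbox. In "Response and Resolution", the 72-hour acknowledgement is concrete, but "within a reasonable timeframe" is not, and nothing states when or whether the reporter may disclose publicly. A target fix window and an explicit disclosure expectation would make the policy actionable for both sides. Smaller points: "Explanatory diagram:" introduces a table rather than a diagram, and the hard-coded "1.0.0" row under "Supported Versions" will go stale at the next release unless it is reworded (for example, to refer to the latest release) or updated with each version bump.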