mirror of
https://github.com/th30d4y/BURP-AI.git
synced 2026-05-26 19:36:34 +00:00
Stalin
+38
-19
@@ -1,36 +1,55 @@
|
|||||||
# 🔐 Security Policy
|
# Security Policy
|
||||||
|
|
||||||
## 📬 Reporting a Vulnerability
|
## Supported Versions
|
||||||
|
|
||||||
If you discover a security issue, please report it via:
|
The following versions of this project are currently receiving security updates:
|
||||||
|
|
||||||
- GitHub Security Advisory (preferred)
|
|
||||||
|
|
||||||
Do not open public issues for vulnerabilities.
|
> **Note:** We strongly recommend upgrading to a supported version to receive the latest security patches.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## 📌 Scope
|
## Reporting a Vulnerability
|
||||||
|
|
||||||
In scope:
|
If you discover a security vulnerability in this project, please follow the responsible disclosure process below.
|
||||||
- Security vulnerabilities in the application or extension
|
|
||||||
- Data leaks, auth issues, or unsafe request handling
|
|
||||||
- AI-related issues (prompt injection, misuse, data exposure)
|
|
||||||
|
|
||||||
Out of scope:
|
### How to Report
|
||||||
- Theoretical issues without proof
|
|
||||||
- Third-party services
|
Send a detailed report to: **w4nn4d133@gmail.com**
|
||||||
|
|
||||||
|
Please include the following information in your report:
|
||||||
|
|
||||||
|
- A clear description of the vulnerability
|
||||||
|
- Steps to reproduce the issue
|
||||||
|
- Affected version(s)
|
||||||
|
- Potential impact of the vulnerability
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## ⚠️ Guidelines
|
## What to Expect
|
||||||
|
|
||||||
- Provide clear steps to reproduce
|
| Stage | Timeline |
|
||||||
- Include proof-of-concept if possible
|
| ----------------------------- | ------------------- |
|
||||||
- Do not publicly disclose before a fix
|
| Acknowledgement of report | Within 48 hours |
|
||||||
|
| Severity assessment (CVSS v3) | Within 5 business days |
|
||||||
|
| Status update | Every 7 days |
|
||||||
|
| Patch release (if accepted) | Depends on severity |
|
||||||
|
|
||||||
|
### If Your Vulnerability Is Accepted
|
||||||
|
|
||||||
|
- You will be notified of the remediation plan and estimated fix timeline.
|
||||||
|
- Credit will be given in the release notes (unless you prefer to remain anonymous).
|
||||||
|
- A CVE identifier may be requested if applicable.
|
||||||
|
|
||||||
|
### If Your Vulnerability Is Declined
|
||||||
|
|
||||||
|
- You will receive a detailed explanation of why the report was not accepted.
|
||||||
|
- You are welcome to provide additional information if you believe the decision should be reconsidered.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## 🛡️ Note
|
## Responsible Disclosure
|
||||||
|
|
||||||
This project is intended for ethical and defensive security research only.
|
Please do **not** publicly disclose the vulnerability until a fix has been released or we have mutually agreed on a disclosure timeline. We are committed to working with security researchers in good faith.
|
||||||
|
|
||||||
|
Thank you for helping keep this project secure. 🔒
|
||||||
|
|||||||
Reference in New Issue
Block a user