From b16f84dd221bd4119e9bdd0855e0b8acf753250d Mon Sep 17 00:00:00 2001 From: krraze Date: Thu, 23 Apr 2026 03:30:37 +0530 Subject: [PATCH] Update SECURITY.md --- SECURITY.md | 57 +++++++++++++++++++++++++++++++++++------------------ 1 file changed, 38 insertions(+), 19 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 1ed575d..e727054 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -1,36 +1,55 @@ -# 🔐 Security Policy +# Security Policy -## 📬 Reporting a Vulnerability +## Supported Versions -If you discover a security issue, please report it via: +The following versions of this project are currently receiving security updates: -- GitHub Security Advisory (preferred) -Do not open public issues for vulnerabilities. +> **Note:** We strongly recommend upgrading to a supported version to receive the latest security patches. --- -## 📌 Scope +## Reporting a Vulnerability -In scope: -- Security vulnerabilities in the application or extension -- Data leaks, auth issues, or unsafe request handling -- AI-related issues (prompt injection, misuse, data exposure) +If you discover a security vulnerability in this project, please follow the responsible disclosure process below. -Out of scope: -- Theoretical issues without proof -- Third-party services +### How to Report + +Send a detailed report to: **w4nn4d133@gmail.com** + +Please include the following information in your report: + +- A clear description of the vulnerability +- Steps to reproduce the issue +- Affected version(s) +- Potential impact of the vulnerability --- -## ⚠️ Guidelines +## What to Expect -- Provide clear steps to reproduce -- Include proof-of-concept if possible -- Do not publicly disclose before a fix +| Stage | Timeline | +| ----------------------------- | ------------------- | +| Acknowledgement of report | Within 48 hours | +| Severity assessment (CVSS v3) | Within 5 business days | +| Status update | Every 7 days | +| Patch release (if accepted) | Depends on severity | + +### If Your Vulnerability Is Accepted + +- You will be notified of the remediation plan and estimated fix timeline. +- Credit will be given in the release notes (unless you prefer to remain anonymous). +- A CVE identifier may be requested if applicable. + +### If Your Vulnerability Is Declined + +- You will receive a detailed explanation of why the report was not accepted. 
+- You are welcome to provide additional information if you believe the decision should be reconsidered. --- -## 🛡️ Note +## Responsible Disclosure -This project is intended for ethical and defensive security research only. +Please do **not** publicly disclose the vulnerability until a fix has been released or we have mutually agreed on a disclosure timeline. We are committed to working with security researchers in good faith. + +Thank you for helping keep this project secure. 🔒
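Review bot: the new "Supported Versions" section states "The following versions of this project are currently receiving security updates:" but no version list or table follows it before the "Note" blockquote, so a reader cannot tell which versions are supported; add the version/supported table or drop the sentence. In "How to Report" the only channel is now a plain Gmail address, while the removed lines had "GitHub Security Advisory (preferred)" and "Do not open public issues for vulnerabilities"; consider keeping the advisory channel alongside the email (or publishing a PGP key for it) and restoring the "do not open public issues" instruction next to the reporting address, since a reporter who does not read down to "Responsible Disclosure" may otherwise file a public issue. The removed "Scope" section (application/extension vulnerabilities, data leaks and auth issues, AI-related issues such as prompt injection, and the out-of-scope items "Theoretical issues without proof" and "Third-party services") has no replacement, so the policy no longer says what reports it accepts; either restore it or fold it into the "Please include the following information" list.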