0x5t4l1n/BURP-AI
1
0
Fork 0
mirror of https://github.com/th30d4y/BURP-AI.git synced 2026-05-26 11:35:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update SECURITY.md

Browse Source
This commit is contained in:
krraze
2026-04-23 03:30:37 +05:30
committed by GitHub
parent f20ed98384
commit b16f84dd22
1 changed files with 38 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files
SECURITY.md
+38 -19
View File
@@ -1,36 +1,55 @@
# 🔐 Security Policy # Security Policy
## 📬 Reporting a Vulnerability ## Supported Versions
If you discover a security issue, please report it via: The following versions of this project are currently receiving security updates:
- GitHub Security Advisory (preferred)
Do not open public issues for vulnerabilities. > **Note:** We strongly recommend upgrading to a supported version to receive the latest security patches.
--- ---
## 📌 Scope ## Reporting a Vulnerability
In scope: If you discover a security vulnerability in this project, please follow the responsible disclosure process below.
- Security vulnerabilities in the application or extension
- Data leaks, auth issues, or unsafe request handling
- AI-related issues (prompt injection, misuse, data exposure)
Out of scope: ### How to Report
- Theoretical issues without proof
- Third-party services Send a detailed report to: **w4nn4d133@gmail.com**
Please include the following information in your report:
- A clear description of the vulnerability
- Steps to reproduce the issue
- Affected version(s)
- Potential impact of the vulnerability
--- ---
## ⚠️ Guidelines ## What to Expect
- Provide clear steps to reproduce | Stage | Timeline |
- Include proof-of-concept if possible | ----------------------------- | ------------------- |
- Do not publicly disclose before a fix | Acknowledgement of report | Within 48 hours |
| Severity assessment (CVSS v3) | Within 5 business days |
| Status update | Every 7 days |
| Patch release (if accepted) | Depends on severity |
### If Your Vulnerability Is Accepted
- You will be notified of the remediation plan and estimated fix timeline.
- Credit will be given in the release notes (unless you prefer to remain anonymous).
- A CVE identifier may be requested if applicable.
### If Your Vulnerability Is Declined
- You will receive a detailed explanation of why the report was not accepted.
- You are welcome to provide additional information if you believe the decision should be reconsidered.
--- ---
## 🛡️ Note ## Responsible Disclosure
This project is intended for ethical and defensive security research only. Please do **not** publicly disclose the vulnerability until a fix has been released or we have mutually agreed on a disclosure timeline. We are committed to working with security researchers in good faith.
Thank you for helping keep this project secure. 🔒