chore: add security policy

2025-05-01 19:18:56 +02:00
parent f669d161c6
commit c6ca1b42e9
1 changed files with 33 additions and 0 deletions
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -0,0 +1,33 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+|---------|--------------------|
+| latest  | :white_check_mark: |
+
+## Reporting a Vulnerability
+
+To report a security vulnerability go
+to [Advisories section](https://github.com/utox39/z8x/security/advisories) or contact this email address:
+francescomoccaldi39@gmail.com
+
+1. Describe the vulnerability.
+
+    * Type of issue (e.g. buffer overflow, etc.)
+    * Full paths of source file(s) related to the manifestation of the issue
+    * The location of the affected source code (tag/branch/commit or direct URL)
+    * Any special configuration required to reproduce the issue
+    * Step-by-step instructions to reproduce the issue
+    * Proof-of-concept or exploit code (if possible)
+    * Impact of the issue, including how an attacker might exploit the issue
+
+2. If you have a fix, that is most welcome -- please attach or summarize it in your message!
+
+3. I will evaluate the vulnerability in a controlled environment and, if necessary, release a fix or mitigating steps
+   to address it. I will contact you to let you know the outcome, and will credit you in the report.
+
+4. Please DO NOT disclose the vulnerability publicly until a fix is released!
+
+Once I have either a) published a fix, or b) declined to address the vulnerability for whatever reason, you are free to
+publicly disclose it.