aboutsummaryrefslogtreecommitdiff
path: root/SECURITY.md
diff options
context:
space:
mode:
authorLibravatar vnugent <public@vaughnnugent.com>2024-10-27 01:06:16 -0400
committerLibravatar vnugent <public@vaughnnugent.com>2024-10-27 01:06:16 -0400
commit061eda3622664a612f4e5d5e6a02c2496fdba4f9 (patch)
treef425173693ea1a1528298d79441b3f243ef0cf8d /SECURITY.md
parent3c17d3d5f3e34a9302212856b019ddb7842a8a66 (diff)
parent99ad72b23005bb7e632f204f897a272dc8eebe77 (diff)
Merge branch 'develop' into openssl-fixes
Diffstat (limited to 'SECURITY.md')
-rw-r--r--SECURITY.md34
1 files changed, 34 insertions, 0 deletions
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..68d96ac
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,34 @@
+
+# Security Policy
+
+Please follow the [official issues page](https://www.vaughnnugent.com/resources/software/modules/noscrypt-issues)
+for progress on all security related issues.
+
+## Supported Versions
+
+Noscrypt is in pre-release and is not yet considered completely stable,
+security fixes will be issued as soon as possible and rolled into the next release.
+
+| Version | Supported |
+| ------- | ------------------ |
+| > 0.1.1 | :white_check_mark: |
+
+## Reporting a Vulnerability
+
+Vulnerabilities should be reported by email to vnpublic[at]proton.me or by submitting a
+private vulnerability report on [GitHub](https://github.com/VnUgE/noscrypt/security).
+Email is preferred for the fastest response.
+
+Security reports are greatly appreciated and will be handled with the highest priority,
+as noscrypt is cryptography infrastructure software. You should hear back within 48 hours
+but this can vary because I'm just a single person who also has responsibilities.
+
+Please contact me as soon as possible if you believe you have found a security vulnerability
+in noscrypt, preferably before disclosing the issue publicly. I will keep you informed about
+the progress of the fix and disclosure.
+
+
+## Notices
+I will attempt to update the [changelog](CHANGELOG.md) with security fixes as they are completed
+and close issues as they are resolved. If you have any questions or concerns about the security
+of noscrypt, please contact me at the email address above.