diff options
author | vnugent <public@vaughnnugent.com> | 2024-10-27 01:04:48 -0400 |
---|---|---|
committer | vnugent <public@vaughnnugent.com> | 2024-10-27 01:04:48 -0400 |
commit | 99ad72b23005bb7e632f204f897a272dc8eebe77 (patch) | |
tree | 32dadb6494a3470ce9360d5e4b1031aebce8dab5 /SECURITY.md | |
parent | dc47d096400e7a4d95dd9516c72876c8ad016dcb (diff) |
add security policy
Diffstat (limited to 'SECURITY.md')
-rw-r--r-- | SECURITY.md | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..68d96ac --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,34 @@ + +# Security Policy + +Please follow the [official issues page](https://www.vaughnnugent.com/resources/software/modules/noscrypt-issues) +for progress on all security related issues. + +## Supported Versions + +Noscrypt is in pre-release and is not yet considered completely stable, +security fixes will be issued as soon as possible and rolled into the next release. + +| Version | Supported | +| ------- | ------------------ | +| > 0.1.1 | :white_check_mark: | + +## Reporting a Vulnerability + +Vulnerabilities should be reported by email to vnpublic[at]proton.me or by submitting a +private vulnerability report on [GitHub](https://github.com/VnUgE/noscrypt/security). +Email is preferred for the fastest response. + +Security reports are greatly appreciated and will be handled with the highest priority, +as noscrypt is cryptography infrastructure software. You should hear back within 48 hours +but this can vary because I'm just a single person who also has responsibilities. + +Please contact me as soon as possible if you believe you have found a security vulnerability +in noscrypt, preferably before disclosing the issue publicly. I will keep you informed about +the progress of the fix and disclosure. + + +## Notices +I will attempt to update the [changelog](CHANGELOG.md) with security fixes as they are completed +and close issues as they are resolved. If you have any questions or concerns about the security +of noscrypt, please contact me at the email address above. |