From 99ad72b23005bb7e632f204f897a272dc8eebe77 Mon Sep 17 00:00:00 2001 From: vnugent Date: Sun, 27 Oct 2024 01:04:48 -0400 Subject: add security policy --- SECURITY.md | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 SECURITY.md (limited to 'SECURITY.md') diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..68d96ac --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,34 @@ + +# Security Policy + +Please follow the [official issues page](https://www.vaughnnugent.com/resources/software/modules/noscrypt-issues) +for progress on all security related issues. + +## Supported Versions + +Noscrypt is in pre-release and is not yet considered completely stable, +security fixes will be issued as soon as possible and rolled into the next release. + +| Version | Supported | +| ------- | ------------------ | +| > 0.1.1 | :white_check_mark: | + +## Reporting a Vulnerability + +Vulnerabilities should be reported by email to vnpublic[at]proton.me or by submitting a +private vulnerability report on [GitHub](https://github.com/VnUgE/noscrypt/security). +Email is preferred for the fastest response. + +Security reports are greatly appreciated and will be handled with the highest priority, +as noscrypt is cryptography infrastructure software. You should hear back within 48 hours +but this can vary because I'm just a single person who also has responsibilities. + +Please contact me as soon as possible if you believe you have found a security vulnerability +in noscrypt, preferably before disclosing the issue publicly. I will keep you informed about +the progress of the fix and disclosure. + + +## Notices +I will attempt to update the [changelog](CHANGELOG.md) with security fixes as they are completed +and close issues as they are resolved. If you have any questions or concerns about the security +of noscrypt, please contact me at the email address above. -- cgit