Create SECURITY.md
Jeremy D commited on 2023-03-28 19:01:11
Showing 1 changed files, with 29 additions and 0 deletions.
- SECURITY.md 0000000..fff9b9f
| ... | ... |
@@ -0,0 +1,29 @@ |
| 1 |
+# Security Policy |
|
| 2 |
+ |
|
| 3 |
+## Supported Versions |
|
| 4 |
+ |
|
| 5 |
+| Version | Supported | |
|
| 6 |
+| ------- | ------------------ | |
|
| 7 |
+| 2.1.x | :white_check_mark: | |
|
| 8 |
+| 2.0.x | :white_check_mark: | |
|
| 9 |
+| 1.x | :x: | |
|
| 10 |
+ |
|
| 11 |
+## Reporting a Vulnerability |
|
| 12 |
+ |
|
| 13 |
+To report a security issue use [Security Advisories](https://github.com/SimpleMachines/SimpleDesk/security/advisories). |
|
| 14 |
+ |
|
| 15 |
+## The process |
|
| 16 |
+When we receive your report, it will be validated with our team. This includes testing the vulnerabilities. We don't require a Proof of Concept script/tool, but we do welcome them as they can improve the ability to validate the report and test against the patches. |
|
| 17 |
+ |
|
| 18 |
+Once validated, our team will work on patching. |
|
| 19 |
+ |
|
| 20 |
+Due to our small team size and because we are all volunteers, we do not have timelines we can give beyond estimates. |
|
| 21 |
+ |
|
| 22 |
+## Credits |
|
| 23 |
+We are open to giving credits to individuals or organizations for proper reporting and keeping the issue private until we have made the release. We will ask you after validation on this. We reserve the right to refuse or limit how we credits. We typically do not provide credits for publicly known vulnerabilities or if the information is released prior to us making the official release. |
|
| 24 |
+ |
|
| 25 |
+## Bounties |
|
| 26 |
+This project does not have any source of income and we do not have the funds to pay bounties. |
|
| 27 |
+ |
|
| 28 |
+# Thank you |
|
| 29 |
+Thank you to all those who help us by scanning our repositories and reviewing our code. Your efforts go a long way to ensuring our community is receiving a secure product to use. |
|
| 0 | 30 |