From 8ffc359678180a4af304c4a36a6e660e31195745 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=EB=A3=A8=EB=B0=80LuMir?= Date: Wed, 25 Dec 2024 00:33:15 +0900 Subject: [PATCH] docs: enhance `security.md` with vulnerability reporting guidelines --- SECURITY.md | 34 +++++++++++++++++++++++++++++++--- 1 file changed, 31 insertions(+), 3 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 5b43f94..effee7e 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,5 +1,7 @@ # Security +## Binary Files + Some may have concerns about the security of binary files, but the following points should provide assurance about this project: 1. First and foremost, we have no intention of harming anyone’s project. 
@@ -21,8 +23,34 @@ Some may have concerns about the security of binary files, but the following poi ## Reporting a Vulnerability -If you believe you have found a security vulnerability, we encourage you to let us know right away. +If you discover any security vulnerabilities in this package, please report them immediately. We take security seriously and will address all legitimate reports in a timely manner. + +### How to Report + +To report a vulnerability, please email us at . Provide as much detail as possible about the vulnerability, including: + +- The nature of the vulnerability. +- Steps to reproduce the issue. +- Any potential risks or impacts on users. +- Your contact information for further clarification. + +### Response Process + +1. We will acknowledge receipt of your report promptly and begin investigating the issue. +1. After validating the report, we will work to fix the vulnerability and release an update as soon as possible. +1. You will be informed of the resolution once the fix is deployed. +1. Security patches will be communicated through GitHub releases and other relevant channels. + +## Security Best Practices + +We recommend following these best practices to help maintain the security of your application when using this package: + +- Always use the latest version. +- Regularly update your dependencies to include the latest security fixes. +- Review and monitor your own usage for potential security issues. + +If you have any questions or need further information, please don't hesitate to contact us. -We will investigate all legitimate reports and do our best to quickly fix the problem. +## Supported Versions -Email to disclose any security vulnerabilities. +Security updates are applied only to the most recent releases.
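Review bot: In the second hunk, under "### How to Report", the sentence "please email us at ." shows no address as it appears here, and the section never tells reporters to keep the details out of public issues or pull requests. Please confirm the address renders in the final file, and add a line asking that vulnerabilities be reported only through the private channel until a fix is released. Under "### Response Process", "promptly" and "as soon as possible" give a reporter nothing to plan around; a stated acknowledgement window would help, if the maintainers can commit to one. Under "## Supported Versions", "only to the most recent releases" does not say which releases qualify, so users cannot tell whether the version they run still receives fixes; naming the supported range (for example, the latest major or minor line) would make this checkable.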