Create SECURITY.md
ovx authored Sep 2, 2024
1 parent 64427cb commit 2e02505
Showing 1 changed file with 55 additions and 0 deletions.
55 changes: 55 additions & 0 deletions SECURITY.md
@@ -0,0 +1,55 @@
# Security Policy

## Supported Versions

Security updates are available for all versions.

## Reporting a Vulnerability

If you discover a vulnerability, please report it responsibly to our security email: `c2VjdXJpdHlAYWx0Y2hhLm9yZwo=`.

When reporting a vulnerability, please include the following details to help us quickly assess the issue:

- Detailed steps to reproduce or a proof-of-concept
- Any relevant tools and their versions used
- Tool output and any logs or screenshots that may help

**PGP Public Key**: To ensure secure communication, please use our PGP public key when sending sensitive information:

```
-----BEGIN PGP PUBLIC KEY BLOCK-----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=kb//
-----END PGP PUBLIC KEY BLOCK-----
```

## Vulnerability Disclosure Process

- **Acknowledgment**: We will acknowledge receipt of your report within 48 hours.
- **Assessment**: We will assess the vulnerability and determine the impact and priority.
- **Resolution**: If the vulnerability is confirmed, we will work on a fix and inform you when it’s resolved.
- **Disclosure**: We follow responsible disclosure. Once a fix is available, we will coordinate with you to disclose the vulnerability to the public.

## Scope

### In-Scope for Reporting:
- ALTCHA Widget and any associated open-source code.
- ALTCHA SaaS platform and related services.

### Out-of-Scope:
- Any third-party services or software not managed by ALTCHA.
- Automated tool or scan reports.
- Distributed Denial of Service (DDoS) attacks that require large volumes of data.
- Provisioning or usability issues.
- Flooding of feedback, comments, messages, etc.
- Issues related to networking protocols or industry standards.
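
Review bot: The reporting address under "Reporting a Vulnerability" is given as `c2VjdXJpdHlAYWx0Y2hhLm9yZwo=` with nothing saying it is Base64, so a reporter who does not recognise the encoding has no usable contact; state the encoding next to the value. The string ends in `Zwo=`, which means a trailing newline was encoded along with the address, so re-encode it without the newline to avoid a stray line break when the value is decoded and pasted. In the same section the PGP key block is published without a fingerprint, so a reporter cannot check the key over a second channel before encrypting; add the fingerprint on a line below the block. Under "Vulnerability Disclosure Process" only the acknowledgment step has a time bound (48 hours); consider stating a target for the assessment and disclosure steps as well.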
