From 251e36653a36f261c412c34e2003a3088ae1c0eb Mon Sep 17 00:00:00 2001 From: "Felix T.J. Dietrich" Date: Fri, 2 Aug 2024 15:53:57 +0200 Subject: [PATCH] Create SECURITY.md (#21) --- SECURITY.md | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..40f1159e --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,31 @@ +# Security Policy + +## Supported Versions + +At this time, there are no officially supported versions of this project for security updates. We are actively developing and improving the project. Please check back later for updates on supported versions. + +## Reporting a Vulnerability + +We take the security of our project seriously. If you discover a vulnerability, please follow the steps below to report it: + +1. **Contact Information**: Send an email to [felixtj.dietrich@tum.de] with the subject line "Security Vulnerability Report". + +2. **Details to Include**: + - A description of the vulnerability. + - Steps to reproduce the vulnerability. + - Potential impact of the vulnerability. + - Any available patches or suggestions for fixing the issue. + +3. **Response Time**: + - You can expect an initial acknowledgment of your report within 48 hours. + - We will provide regular updates on the status of your report as we investigate and address the issue. + +4. **Handling of the Vulnerability**: + - If the vulnerability is confirmed, we will work to release a patch as soon as possible. + - You will be credited for your discovery if you wish, or you can remain anonymous. + - If the report is declined, we will provide a detailed explanation as to why it does not meet the criteria for a security vulnerability. + +5. **Confidentiality**: + - Please do not disclose the vulnerability publicly until we have had an opportunity to address it. + +Thank you for helping us keep our project safe and secure!
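Review bot: In step 1 of "Reporting a Vulnerability", the only reporting channel is one individual's mailbox, while step 3 commits to an acknowledgment within 48 hours. A single contact makes that commitment hard to keep during absences, and it leaves a reporter with no fallback other than the public disclosure that step 5 asks them to avoid. Consider adding a second contact or a shared security alias, and, if the hosting platform offers a private vulnerability reporting feature, naming it as an alternative channel. The address is written as `[felixtj.dietrich@tum.de]`, which Markdown renders with literal square brackets rather than as a link; a plain address or an explicit `mailto:` link would read better. Separately, "Supported Versions" says no versions are supported for security updates while step 4 promises to "release a patch as soon as possible", so it would help to state where a fix will land (for example, only on the current development branch) so reporters and users know what to expect.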