From e4917c1a0784232aa2971eb8f9218cb12b124d60 Mon Sep 17 00:00:00 2001 From: Thales Euflauzino <120137721+thaleseuflauzino@users.noreply.github.com> Date: Tue, 27 Aug 2024 03:01:10 -0300 Subject: [PATCH] docs: Create SECURITY.md --- SECURITY.md | 68 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..852e7cc3 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,68 @@ +# Security Policy + +## Purpose of the Policy + +The purpose of this Security Policy is to ensure the security of our project and maintain the trust of the community. + +## Who is Affected by the Policy + +This policy applies to all members of our project community, including developers, testers, repository administrators, and users. + +## Supported Versions + +Use this section to tell people about which versions of your project are +currently being supported with security updates. + +| Version | Supported | +| ------- | ------------------ | +| 2.0.x | :white_check_mark: | +| < 1.2.0 | :x: | + +## Development Recommendations + +### Best Practices + +- Follow secure coding principles. +- Use well-established libraries and frameworks. +- Regularly update dependencies. +- Conduct thorough testing, including security-related tests. + +### Unrecommended Practices + +- Do not use known vulnerabilities that have not been patched. +- Do not publish sensitive information such as API keys or passwords. +- Do not vote for changes that degrade the security of the project. + +### User-Generated Content + +- Ensure that user-generated content does not contain hidden threats. +- Be cautious when handling user data. + +### Community Interaction + +- Treat each other with respect and politeness. +- Do not spread spam or spam bots. +- Follow community guidelines. + +### Vulnerability Discovery and Reporting + +- If you discover a vulnerability, report it as an issue on GitHub. +- Your report should contain detailed information about the vulnerability, including steps to resolve it. + +### Reporting Method + +To report a vulnerability, create a new issue on GitHub and use branch isolation to provide details about the vulnerability. + +### Details to Provide + +Please provide the following information about the vulnerability: + +- Description of the vulnerability +- Steps to resolve the vulnerability +- Versions on which the vulnerability was found +- Code examples illustrating the vulnerability (if it is safe to do so) + +### Expected Behavior + +- If we accept the reported vulnerability, we will release a patch and update the security information on GitHub. +- If we reject the reported vulnerability, we will provide an explanation.