From fa0cdef18425f8a6f94c5f857edc4023b0dd5e8c Mon Sep 17 00:00:00 2001 From: aryanguptacsvtu <148983503+aryanguptacsvtu@users.noreply.github.com> Date: Wed, 17 Sep 2025 19:02:16 +0530 Subject: [PATCH 1/2] SECURITY.md --- SECURITY.md | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..e0c1cc2 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,66 @@ +# 🔒 Security Polspliticy + +Thank you for your interest in keeping the `splitwiser` project secure. This document explains how to report security vulnerabilities, what to expect after reporting, and how we handle disclosures. + +--- + +## 📦 Supported Versions + +We aim to keep `splitwiser` up to date and secure. Please see below for the versions we currently support with security updates. + +| Version | Supported | +|---------|--------------------| +| Latest | ✅ Yes | +| Older | ❌ No | + +--- + +## 🛡️ Reporting a Vulnerability + +If you discover a security vulnerability, **please do not open an issue** on GitHub. + +Instead, follow these steps: + +1. **Email the maintainer directly** +2. Include the following details: + - Description of the vulnerability + - Steps to reproduce (if possible) + - Potential impact + - Any mitigation or workaround suggestions + +⌛ We aim to respond to security reports **within 72 hours**.. + +--- + +## 🚫 Responsible Disclosure Guidelines + +We ask that you: +- Do not publicly disclose the issue until it has been resolved. +- Avoid testing vulnerabilities in a way that could disrupt services. +- Act in good faith and with respect for user data and privacy. + +--- + +## 📃 Disclosure Policy + +- We follow a **coordinated disclosure** approach. +- We appreciate responsible reporting and will publicly disclose the issue only **after a fix has been released**. +--- + +## 🔄 Security Fixes & Releases + +Security fixes will be merged into `main` and any supported release branches. We will publish release notes describing the fix and migration steps when required. + +--- + +## 🙏 Acknowledgments + +We value the contributions from the community and encourage responsible disclosure to help keep `splitwiser` safe and secure for all users. + +--- + +## 🔒 Resources + +- [GitHub Security Advisories](https://docs.github.com/en/code-security/security-advisories) +- [OpenSSF Best Practices](https://bestpractices.dev/) +- [OWASP Top 10](https://owasp.org/www-project-top-ten/) From 4261a8848a073c9c703cf3c1841fc232ec19ec61 Mon Sep 17 00:00:00 2001 From: aryanguptacsvtu <148983503+aryanguptacsvtu@users.noreply.github.com> Date: Wed, 17 Sep 2025 23:44:52 +0530 Subject: [PATCH 2/2] Update SECURITY.md --- SECURITY.md | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index e0c1cc2..f58e04c 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -4,17 +4,6 @@ Thank you for your interest in keeping the `splitwiser` project secure. This doc --- -## 📦 Supported Versions - -We aim to keep `splitwiser` up to date and secure. Please see below for the versions we currently support with security updates. - -| Version | Supported | -|---------|--------------------| -| Latest | ✅ Yes | -| Older | ❌ No | - ---- - ## 🛡️ Reporting a Vulnerability If you discover a security vulnerability, **please do not open an issue** on GitHub. @@ -28,8 +17,6 @@ Instead, follow these steps: - Potential impact - Any mitigation or workaround suggestions -⌛ We aim to respond to security reports **within 72 hours**.. - --- ## 🚫 Responsible Disclosure Guidelines