Update security policy to modern standards (#514)

CAM-Gerlach · web-flow · commit ad8d3453203c · 2025-06-25T01:33:32.000-05:00
diff --git a/SECURITY.md b/SECURITY.md
@@ -3,22 +3,23 @@
 
 ## Supported Versions
 
+We normally support only the most recently released version with bug fixes, security updates and compatibility improvements.
+
 The following summarizes the support status of recent QtPy versions.
 
 | Version  | Supported          |
 | -------- | ------------------ |
 | 2.0.x    | :heavy_check_mark: |
-| 1.11.x   | :heavy_check_mark: |
-| <=1.10.x | :x:                |
+| <2       | :x:                |
 
 
 
 ## Reporting a Vulnerability
 
-If you believe you've discovered a security vulnerability in Sub Manager, please contact the project maintainers, the Spyder development team, at spyder.python@gmail.com .
+If you believe you've discovered a security vulnerability in QtPy, please use open a new security advisory with [our GitHub repo's private vulnerability reporting](https://github.com/spyder-ide/qtpy/security/advisories/new).
 Please be sure to carefully document the vulnerability, including a summary, describing the impacts, identifying the line(s) of code affected, stating the conditions under which it is exploitable and including a minimal reproducible test case.
 Further information and advice or patches on how to mitigate it is always welcome.
 You can usually expect to hear back within 1 week, at which point we'll inform you of our evaluation of the vulnerability and what steps we plan to take, and will reach out if we need further clarification from you.
-Once its patched, we'll send a followup email letting you know, and are happy to update you on its status should you further inquire.
-While this is a volunteer project and we don't have financial compensation to offer, we can certainly publicly thank you for your help if you would like.
+We'll discuss and update the advisory thread, and are happy to update you on its status should you further inquire.
+While this is a volunteer project and we don't have financial compensation to offer, we can certainly publicly thank and credit you for your help if you would like.
 Thanks!
