SECURITY.md
+12-3
@@ -1,9 +1,18 @@
1
1
# Security Policy
2
2
3
-
## Supported Versions
3
+
A responsible security disclosure is a practice in the field of cybersecurity where a vulnerability found in software or a system is disclosed only to the software's vendor or a trusted entity capable of fixing the issue, rather than being publicly disclosed or sold.
4
+
5
+
The process typically involves the following steps:
6
+
7
+
1. Discovery: A security researcher discovers a vulnerability.
8
+
2. Reporting: The vulnerability is reported to the software vendor or a trusted third-party, often via a dedicated security contact.
9
+
3. Verification & Fixing: The vendor verifies the vulnerability and develops a patch or workaround.
10
+
4. Release: The patch is released to users, often alongside a security advisory detailing the issue without revealing exploitable details.
11
+
5. Public Disclosure: After a reasonable period of time, the vulnerability is publicly disclosed, allowing the community to understand the issue and verify that the patch resolves it.
4
12
5
-
Use this section to tell people about which versions of your project are
6
-
currently being supported with security updates.
13
+
This practice is intended to prevent potential exploitation of the vulnerability by malicious actors, giving the vendor time to address the issue before it becomes widely known.
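Review bot: The hunk drops the `## Supported Versions` heading and its placeholder text but replaces them with a generic description of responsible disclosure, so the file no longer says which versions receive security fixes, and step 2 ("often via a dedicated security contact") never names the contact for this project. Add a `## Reporting a Vulnerability` section with the actual reporting address (or a pointer to the repository's private vulnerability reporting) and the expected acknowledgement window, and keep a `## Supported Versions` entry (even a short table) rather than removing it outright.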