-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
fd97cc4
commit 3790c75
Showing
1 changed file
with
10 additions
and
20 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,29 +1,19 @@ | ||
| ### Security Policy | ||
| ## Security Policy | ||
|
|
||
| #### Supported Versions | ||
| We take security seriously. If you discover any security related issues, please email thomasvincent@[your-domain] instead of using the issue tracker. | ||
|
|
||
| This section outlines which versions of the Cloudflare UFW Updater script are currently supported with security updates. Please use the latest supported version to ensure optimal security and functionality. | ||
| ### Supported Versions | ||
|
|
||
| | Version | Supported | | ||
| | ------- | ------------------ | | ||
| | 1.0.0 | :white_check_mark: | <!-- Currently supported version --> | ||
| | X.X.X | :white_check_mark: | | ||
| | X.X.X | :x: | | ||
|
|
||
| #### Reporting a Vulnerability | ||
| ### Reporting a Vulnerability | ||
|
|
||
| If you discover a vulnerability in the Cloudflare UFW Updater script, please help us improve the security of our project by reporting it responsibly. Here’s how you can report a vulnerability: | ||
| Please report (suspected) security vulnerabilities to thomasvincent@[your-domain]. You will receive a response from us within [your-response-timeframe]. If the issue is confirmed, we will release a patch as soon as possible depending on complexity but historically within [your-patch-timeframe]. | ||
|
|
||
| - **Where to Report**: Send your vulnerability report via email to [[email protected]](mailto:[email protected]). Please do not report security vulnerabilities through public GitHub issues. | ||
| ### Additional Security Considerations | ||
| [Add language or framework-specific OWASP Top 10 guidance here] | ||
|
|
||
| - **What to Include**: Provide as much information as possible about the vulnerability, including: | ||
| - The version of the script affected. | ||
| - Any relevant details about the environment (OS version, UFW version). | ||
| - Steps to reproduce the vulnerability. | ||
| - Possible impacts (if known). | ||
|
|
||
| - **Response Time**: Our team aims to acknowledge receipt of your vulnerability report within 48 hours. After the initial acknowledgment, we will strive to keep you informed of the progress toward a fix and full announcement, and we may ask for additional information or guidance. | ||
|
|
||
| - **Disclosure Process**: Once the vulnerability has been evaluated and confirmed, we will schedule a fix to be included in the next patch release. We will publicly disclose the vulnerability details after the patch is available, consistent with best practices in responsible disclosure. | ||
|
|
||
| - **Rewards and Acknowledgments**: While we currently do not offer a bounty for vulnerability reports, we publicly acknowledge contributors in our release announcements and project documentation who responsibly report security issues. | ||
|
|
||
| This policy ensures that all security concerns are handled promptly and effectively, maintaining the highest level of security for users of the Cloudflare UFW Updater script. | ||
| [If applicable, add information about your bug bounty program here] |