From 3790c7529a213fd64af30975544ccd3915c645aa Mon Sep 17 00:00:00 2001 From: Thomas Vincent Date: Thu, 20 Jun 2024 17:28:57 -0700 Subject: [PATCH] Update SECURITY.md --- SECURITY.md | 30 ++++++++++-------------------- 1 file changed, 10 insertions(+), 20 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 62722c1..48546f2 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -1,29 +1,19 @@ -### Security Policy +## Security Policy -#### Supported Versions +We take security seriously. If you discover any security related issues, please email thomasvincent@[your-domain] instead of using the issue tracker. -This section outlines which versions of the Cloudflare UFW Updater script are currently supported with security updates. Please use the latest supported version to ensure optimal security and functionality. +### Supported Versions | Version | Supported | | ------- | ------------------ | -| 1.0.0 | :white_check_mark: | +| X.X.X | :white_check_mark: | +| X.X.X | :x: | -#### Reporting a Vulnerability +### Reporting a Vulnerability -If you discover a vulnerability in the Cloudflare UFW Updater script, please help us improve the security of our project by reporting it responsibly. Here’s how you can report a vulnerability: +Please report (suspected) security vulnerabilities to thomasvincent@[your-domain]. You will receive a response from us within [your-response-timeframe]. If the issue is confirmed, we will release a patch as soon as possible depending on complexity but historically within [your-patch-timeframe]. -- **Where to Report**: Send your vulnerability report via email to [thomasvincent@gmail.com](mailto:thomasvincent@gmail.com). Please do not report security vulnerabilities through public GitHub issues. +### Additional Security Considerations +[Add language or framework-specific OWASP Top 10 guidance here] -- **What to Include**: Provide as much information as possible about the vulnerability, including: - - The version of the script affected. - - Any relevant details about the environment (OS version, UFW version). - - Steps to reproduce the vulnerability. - - Possible impacts (if known). - -- **Response Time**: Our team aims to acknowledge receipt of your vulnerability report within 48 hours. 
After the initial acknowledgment, we will strive to keep you informed of the progress toward a fix and full announcement, and we may ask for additional information or guidance. - -- **Disclosure Process**: Once the vulnerability has been evaluated and confirmed, we will schedule a fix to be included in the next patch release. We will publicly disclose the vulnerability details after the patch is available, consistent with best practices in responsible disclosure. - -- **Rewards and Acknowledgments**: While we currently do not offer a bounty for vulnerability reports, we publicly acknowledge contributors in our release announcements and project documentation who responsibly report security issues. - -This policy ensures that all security concerns are handled promptly and effectively, maintaining the highest level of security for users of the Cloudflare UFW Updater script. +[If applicable, add information about your bug bounty program here] \ No newline at end of file
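Review bot: The added lines ship unfilled template placeholders, so after this change the policy has no usable reporting channel: `thomasvincent@[your-domain]` replaces the working address `thomasvincent@gmail.com`, and `[your-response-timeframe]` and `[your-patch-timeframe]` replace the concrete 48-hour acknowledgment commitment. Fill these in with real values, or keep the previous address and timeframe, before merging. The same applies to the Supported Versions table, where the `1.0.0` row is replaced by two `X.X.X` rows and readers can no longer tell which release receives fixes, and to the two bracketed instruction lines under "Additional Security Considerations", which should be replaced with real content or dropped. The removed "What to Include" list (affected version, OS and UFW version, reproduction steps, impact) and the disclosure process paragraph gave reporters guidance the new text does not; consider keeping them. The file also now ends without a trailing newline, and the subject "Update SECURITY.md" does not say that the policy was swapped for a generic template.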