Ything-RepoMirrors/altcha-lib
2
0
Fork 0
mirror of https://github.com/altcha-org/altcha-lib.git synced 2026-01-24 20:08:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

Create SECURITY.md

Browse Source
This commit is contained in:
Daniel Regeci
2024-09-03 00:15:35 +02:00
committed by GitHub
parent 64427cbcd6
commit 2e02505b33
1 changed files with 55 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
SECURITY.md Normal file
View File

@@ -0,0 +1,55 @@
# Security Policy
## Supported Versions
Security updates are available for all versions.
## Reporting a Vulnerability
If you discover a vulnerability, please report it responsibly to our security email: `c2VjdXJpdHlAYWx0Y2hhLm9yZwo=`.
When reporting a vulnerability, please include the following details to help us quickly assess the issue:
- Detailed steps to reproduce or a proof-of-concept
- Any relevant tools and their versions used
- Tool output and any logs or screenshots that may help
**PGP Public Key**: To ensure secure communication, please use our PGP public key when sending sensitive information:
```
-----BEGIN PGP PUBLIC KEY BLOCK-----
xjMEZtI2nxYJKwYBBAHaRw8BAQdA/RsvtqhwBMzb2lVbYgJ8jfbtOSW6X1Ju
eJGrTnc/w7rNKXNlY3VyaXR5QGFsdGNoYS5vcmcgPHNlY3VyaXR5QGFsdGNo
YS5vcmc+wowEEBYKAD4FgmbSNp8ECwkHCAmQQ77nSDCYPoIDFQgKBBYAAgEC
GQECmwMCHgEWIQTjdfm4rd39SCeb0WpDvudIMJg+ggAAQBYA/AhHznOMm5zg
L5NVtbEaVzjlGQgq935Ieg7i0ts/ulvSAQCifZduBr9W2Rlev2x4MIaN8PBY
eq/UQjyDIoi3s+bBAM44BGbSNp8SCisGAQQBl1UBBQEBB0DMbZpWAHLF9W2y
sFoTHPv0/9wBmd5HQHDFo30pYv6GGAMBCAfCeAQYFgoAKgWCZtI2nwmQQ77n
SDCYPoICmwwWIQTjdfm4rd39SCeb0WpDvudIMJg+ggAAB2gA/RCLvMElWMP3
Xb/GVjlYMKM+lP/+Vp6pEPp+oCfb5gg+AP9sTajrdA2GBv6Sc28/GZcbGEX2
OlJjTSxs11Oj8es+Bg==
=kb//
-----END PGP PUBLIC KEY BLOCK-----
```
## Vulnerability Disclosure Process
- **Acknowledgment**: We will acknowledge receipt of your report within 48 hours.
- **Assessment**: We will assess the vulnerability and determine the impact and priority.
- **Resolution**: If the vulnerability is confirmed, we will work on a fix and inform you when its resolved.
- **Disclosure**: We follow responsible disclosure. Once a fix is available, we will coordinate with you to disclose the vulnerability to the public.
## Scope
### In-Scope for Reporting:
- ALTCHA Widget and any associated open-source code.
- ALTCHA SaaS platform and related services.
### Out-of-Scope:
- Any third-party services or software not managed by ALTCHA.
- Automated tool or scan reports.
- Distributed Denial of Service (DDoS) attacks that require large volumes of data.
- Provisioning or usability issues.
- Flooding of feedback, comments, messages, etc.
- Issues related to networking protocols or industry standards.