Merge pull request #49 from Arcturus22/B1

Enhanced the Security Policies
Hi-Folks · Oct 28, 2023 · bd3da5a · bd3da5a
2 parents 8641fc5 + 147b129
commit bd3da5a
Showing 1 changed file with 22 additions and 2 deletions.
diff --git a/.github/SECURITY.md b/.github/SECURITY.md
@@ -1,3 +1,23 @@
-# Security Policy
+# Package Security Policy
 
-If you discover any security related issues, please email [email protected] instead of using the issue tracker.
+## Reporting Security Issues
+
+If you discover any security-related issues within our package, we take these matters seriously and encourage you to report them to us promptly. Your assistance in disclosing potential security vulnerabilities is highly appreciated.
+
+To report a security issue, please send an email to us at [[email protected]](mailto:[email protected]). We request that you do not use public issue trackers or other public communication channels to report security concerns related to this package. This helps us maintain the confidentiality and integerity of the issue while we investigate and address it.
+
+## Responsible Disclosure
+
+We follow a responsible disclosure policy, and we kindly ask you to:
+
+1. **Provide Sufficient Details**: When reporting a security issue, please include as much information as possible so that we can reproduce and understand the problem. This may include steps to reproduce, the affected component, and any proof of concept code if applivable.
+
+2. **Allow Time for Resolution**: We will acknowledge the receipt of your report promptly and work diligently to assess and resolved the issue. We appreciate your patience and understanding during this process.
+
+3. **Keep Information Confidential**: Please do not disclose or share the details of the security issue with others until we have addressed and resolved it. This helps protect our users and the security of our packages.
+
+4. **Do Not Impact Other Users**: Please refrain from taking any actions that may negatively impact the availablity or integrity of our package or the dataof other users.
+
+If you are unsure whether a specific issue qualifies, please report it, and we will assess its validity.
+
+Thank you for your cooperation in helping us maintain the security of our package and protecting our users. We value your contributions to our security efforts andwe deeply appreciate your valuable contribution.