diff --git a/.github/SECURITY.md b/.github/SECURITY.md index c02fd3d..3512412 100644 --- a/.github/SECURITY.md +++ b/.github/SECURITY.md @@ -1,3 +1,23 @@ -# Security Policy +# Package Security Policy -If you discover any security related issues, please email roberto.butti@gmail.com instead of using the issue tracker. +## Reporting Security Issues + +If you discover any security-related issues within our package, we take these matters seriously and encourage you to report them to us promptly. Your assistance in disclosing potential security vulnerabilities is highly appreciated. + +To report a security issue, please send an email to us at [roberto.butti@gmail.com](mailto:roberto.butti@gmail.com). We request that you do not use public issue trackers or other public communication channels to report security concerns related to this package. This helps us maintain the confidentiality and integerity of the issue while we investigate and address it. + +## Responsible Disclosure + +We follow a responsible disclosure policy, and we kindly ask you to: + +1. **Provide Sufficient Details**: When reporting a security issue, please include as much information as possible so that we can reproduce and understand the problem. This may include steps to reproduce, the affected component, and any proof of concept code if applivable. + +2. **Allow Time for Resolution**: We will acknowledge the receipt of your report promptly and work diligently to assess and resolved the issue. We appreciate your patience and understanding during this process. + +3. **Keep Information Confidential**: Please do not disclose or share the details of the security issue with others until we have addressed and resolved it. This helps protect our users and the security of our packages. + +4. **Do Not Impact Other Users**: Please refrain from taking any actions that may negatively impact the availablity or integrity of our package or the dataof other users. + +If you are unsure whether a specific issue qualifies, please report it, and we will assess its validity. + +Thank you for your cooperation in helping us maintain the security of our package and protecting our users. We value your contributions to our security efforts andwe deeply appreciate your valuable contribution.