From a4a36dd222b1dbd30f48564231987dc1d0d125fd Mon Sep 17 00:00:00 2001 From: Alexey Poltorak Date: Mon, 29 Apr 2024 03:24:37 +0500 Subject: [PATCH] Create SECURITY.md --- SECURITY.md | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..5e4faeda --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,29 @@ +# Reporting Security Issues + +## Introduction + +The security of our systems is our top priority. If you have discovered a security vulnerability in our project, we appreciate your cooperation in responsibly disclosing it to us. + +## Please Follow These Steps: + +1. **Do Not Report Security Vulnerabilities Publicly** + - Please **do not** disclose any details about the vulnerability in public forums, GitHub issues, or any other public channels. Such actions can potentially lead to misuse and could harm our users. + +2. **Email Us Directly** + - To report a security issue, please send an email directly to us at [support@abblix.com](mailto:support@abblix.com). Include as much information as possible about the vulnerability, including: + - The conditions on which the vulnerability can be reproduced. + - Any potential impacts of the vulnerability. + - How you found the vulnerability, if you'd like to share this. + +## What Will Happen Next? + +- **Acknowledgement**: We will acknowledge your email within 24 hours. +- **Investigation**: Our security team will investigate the issue and work to quickly address it. +- **Communication**: We will keep you informed of our progress as we work to resolve the vulnerability. +- **Disclosure**: Once the issue has been resolved, we will work with you to coordinate the disclosure of the vulnerability to ensure that all our users are adequately informed and protected. + +## Our Commitment + +We are committed to working with security researchers and the community to make our products safer. We appreciate your efforts in responsibly reporting any issues you find. We promise to handle your report with confidentiality and will not take any legal action against you as long as you adhere to these guidelines. + +Thank you for helping us keep our products and our users safe!
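Review bot: In step 2 ("Email Us Directly"), the only reporting channel is plain email to support@abblix.com, which reads as a general support mailbox, so vulnerability details would be sent unencrypted and may be handled outside the security team; consider a dedicated security contact plus a private or encrypted option (a published PGP key, or GitHub private vulnerability reporting). Under "What Will Happen Next?", the 24-hour acknowledgement is the only time bound given; a target window for triage and for coordinated disclosure would tell reporters when a follow-up is reasonable. The safe-harbor sentence in "Our Commitment" is conditional on "these guidelines", but the file does not say which products, versions or testing activities are in scope, so a short scope and supported-versions section would make that promise concrete.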