-
Notifications
You must be signed in to change notification settings - Fork 16
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
55 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,55 @@ | ||
| # Security Policy | ||
|
|
||
| ## Supported Versions | ||
|
|
||
| Security updates are available for all versions. | ||
|
|
||
| ## Reporting a Vulnerability | ||
|
|
||
| If you discover a vulnerability, please report it responsibly to our security email: `c2VjdXJpdHlAYWx0Y2hhLm9yZwo=`. | ||
|
|
||
| When reporting a vulnerability, please include the following details to help us quickly assess the issue: | ||
|
|
||
| - Detailed steps to reproduce or a proof-of-concept | ||
| - Any relevant tools and their versions used | ||
| - Tool output and any logs or screenshots that may help | ||
|
|
||
| **PGP Public Key**: To ensure secure communication, please use our PGP public key when sending sensitive information: | ||
|
|
||
| ``` | ||
| -----BEGIN PGP PUBLIC KEY BLOCK----- | ||
| xjMEZtI2nxYJKwYBBAHaRw8BAQdA/RsvtqhwBMzb2lVbYgJ8jfbtOSW6X1Ju | ||
| eJGrTnc/w7rNKXNlY3VyaXR5QGFsdGNoYS5vcmcgPHNlY3VyaXR5QGFsdGNo | ||
| YS5vcmc+wowEEBYKAD4FgmbSNp8ECwkHCAmQQ77nSDCYPoIDFQgKBBYAAgEC | ||
| GQECmwMCHgEWIQTjdfm4rd39SCeb0WpDvudIMJg+ggAAQBYA/AhHznOMm5zg | ||
| L5NVtbEaVzjlGQgq935Ieg7i0ts/ulvSAQCifZduBr9W2Rlev2x4MIaN8PBY | ||
| eq/UQjyDIoi3s+bBAM44BGbSNp8SCisGAQQBl1UBBQEBB0DMbZpWAHLF9W2y | ||
| sFoTHPv0/9wBmd5HQHDFo30pYv6GGAMBCAfCeAQYFgoAKgWCZtI2nwmQQ77n | ||
| SDCYPoICmwwWIQTjdfm4rd39SCeb0WpDvudIMJg+ggAAB2gA/RCLvMElWMP3 | ||
| Xb/GVjlYMKM+lP/+Vp6pEPp+oCfb5gg+AP9sTajrdA2GBv6Sc28/GZcbGEX2 | ||
| OlJjTSxs11Oj8es+Bg== | ||
| =kb// | ||
| -----END PGP PUBLIC KEY BLOCK----- | ||
| ``` | ||
|
|
||
| ## Vulnerability Disclosure Process | ||
|
|
||
| - **Acknowledgment**: We will acknowledge receipt of your report within 48 hours. | ||
| - **Assessment**: We will assess the vulnerability and determine the impact and priority. | ||
| - **Resolution**: If the vulnerability is confirmed, we will work on a fix and inform you when it’s resolved. | ||
| - **Disclosure**: We follow responsible disclosure. Once a fix is available, we will coordinate with you to disclose the vulnerability to the public. | ||
|
|
||
| ## Scope | ||
|
|
||
| ### In-Scope for Reporting: | ||
| - ALTCHA Widget and any associated open-source code. | ||
| - ALTCHA SaaS platform and related services. | ||
|
|
||
| ### Out-of-Scope: | ||
| - Any third-party services or software not managed by ALTCHA. | ||
| - Automated tool or scan reports. | ||
| - Distributed Denial of Service (DDoS) attacks that require large volumes of data. | ||
| - Provisioning or usability issues. | ||
| - Flooding of feedback, comments, messages, etc. | ||
| - Issues related to networking protocols or industry standards. |