docs: add SECURITY.md — responsible disclosure policy
parent d155472638
commit f3fd7b741e
1 changed files with 26 additions and 0 deletions
26
SECURITY.md
Normal file
|
|
@ -0,0 +1,26 @@
|
|||
# Security Policy
|
||||
|
||||
## Reporting a Vulnerability
|
||||
|
||||
**Do not open a GitHub or Codeberg issue for security vulnerabilities.**
|
||||
|
||||
Email: `security@circuitforge.tech`
|
||||
|
||||
Include:
|
||||
- A description of the vulnerability
|
||||
- Steps to reproduce
|
||||
- Potential impact
|
||||
- Any suggested fix (optional)
|
||||
|
||||
**Response target:** 72 hours for acknowledgement, 14 days for triage.
|
||||
|
||||
We follow responsible disclosure — we will coordinate a fix and release before any
|
||||
public disclosure and will credit you in the release notes unless you prefer to remain
|
||||
anonymous.
|
||||
|
||||
## Supported Versions
|
||||
|
||||
| Version | Supported |
|
||||
|---------|-----------|
|
||||
| Latest release | ✅ |
|
||||
| Older releases | ❌ — please upgrade |
|
||||
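Review bot: The response targets under "Reporting a Vulnerability" stop at triage (72 hours for acknowledgement, 14 days for triage), and the disclosure paragraph promises a fix "before any public disclosure" without an upper bound, so a reporter cannot tell when they are free to publish if a fix stalls. Consider stating a maximum embargo window or saying that the disclosure date is agreed with the reporter. The only channel given is plain email to `security@circuitforge.tech`; if reports may contain sensitive detail, add a PGP key fingerprint or a private advisory link next to it. In the "Supported Versions" table, "Latest release" does not say which branch or tag that means, so a short note on where to find the current release would remove the ambiguity.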