- CLAUDE.md: repo-specific tech stack, commands, deps (points to root)
- LICENSE: MIT 2026 svrnty (standardized)
- CONTRIBUTING.md: unified workflow, correct co-author email
- SECURITY.md: unified vulnerability reporting policy
- CHANGELOG.md: Keep a Changelog template (if new)
- lefthook.yml: added doc-hygiene hook, improved bootstrap

Co-Authored-By: Svrnty Inc. <jp@svrnty.io>
53 lines
1.1 KiB
Markdown
# Security Policy

## Reporting a Vulnerability

If you discover a security vulnerability, please report it responsibly.

**Do NOT open a public issue.**

### How to Report

Email: **security@svrnty.com**

Include:

- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes (optional)

### Response Timeline

- **Acknowledgment**: Within 48 hours
- **Initial Assessment**: Within 7 days
- **Resolution Target**: Within 30 days (depending on severity)

### What to Expect

1. We will acknowledge receipt of your report
2. We will investigate and validate the issue
3. We will work on a fix and coordinate disclosure
4. We will credit you (if desired) when the fix is released

### Scope

This policy applies to:

- Code in this repository
- Dependencies we control
- Infrastructure we operate

### Out of Scope

- Third-party services or dependencies
- Social engineering attacks
- Physical security

## Supported Versions

Security updates are provided for the latest release only.

| Version | Supported |
|---------|-----------|
| Latest  | Yes       |
| Older   | No        |