rust-template/SECURITY.md

23 lines
No EOL
973 B
Markdown

# Reporting a Vulnerability
To report a security issue, please contact me via E-Mail (security@chir.rs) or Matrix (@lotte:chir.rs) with either a standard bug report, or by pointing at the vulnerable code.
A proof of concept is appreciated, but not required. Please be available for further questions.
This project follows a 90 day disclosure policy. You can publically disclose the issue after 90 days, or when we disclose it ourselves.
## Security Hall of Fame
1. and you?
## Threat Model
[Insert as appropriate]
## Scope
We do not consider tests to be in scope for security vulnerabilities. If you think a test is missing, feel free to [contribute](./CONTRIBUTING.md) it.
## Supported Versions
We support the latest released version, as well as the most recent development versions. If the vulnerability only affects an older version with still sees some use (for example the previous major version), we may consider supporting it on a “best effort” basis.