diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..ae9c430 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,21 @@ +# SDStudios Standard OSS Security Policy + +## Supported Versions + +Due to the way that TSAB is released and rolled out (continous upgrades and deployments), there is *currently* no set "supported versions". We do plan on starting to do offical versioned releases, which will have a gradual EOL date. + +For now, as long as you use the latest code from the main branch, you should be fine. + +## Reporting a Vulnerability + +If you find any vunrability in our code, please email us directly at [security@sd-studios.ml](mailto:security@sd-studios.ml) with the following information; +- What is the vunrability? +- How did you find such vunarability? +- Steps to reproduce +- Expected scope (All users, high target users, certain users, no users affected) +- Contact information + +If you choose, you can encrypt your email using GPG, if you take such an action, please email mailbox.sd-studios@gmail.com.
+Our GPG key can be found at [https://sd-studios.com/privacy/gpg](https://sd-studios.com/privacy/gpg). + +> The reason for a different email address for GPG signing is because the sd-studios.ml email is a forwarded domain, which allows us to filter spam with Cloudflare.

If you get a reply from the mailbox address, it's just us replying, no need to worry.
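
Review bot: In the "Reporting a Vulnerability" section, the GPG paragraph sends encrypted reports to mailbox.sd-studios@gmail.com and links the key at https://sd-studios.com/privacy/gpg, but the file gives no key fingerprint, so a reporter cannot check from this policy that the key they downloaded is the intended one. Suggest adding the full fingerprint next to the link. The blockquote says "GPG signing" while the paragraph before it is about encrypting the report; use one term for both. The added text also needs a spelling pass ("continous", "offical", "vunrability", "vunarability"), and the sentence that introduces the list of requested information ends with a semicolon where a colon is expected. Finally, the title reads "SDStudios Standard OSS Security Policy" but the Supported Versions section only mentions TSAB, so it would help to state which projects the policy covers.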