Add SECURITY.md

2026-04-21 07:47:16 +00:00 · 2026-03-27 09:28:00 +01:00 · 2026-03-27 09:28:00 +01:00 · 444c2ef9ea
commit 444c2ef9ea
parent b0cf5b5a78
1 changed files with 36 additions and 0 deletions
--- a/SECURITY.md
+++ b/SECURITY.md
@ -0,0 +1,36 @@
+# Security Policy
+
+## Reporting Security Issues
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+Instead, please use GitHub's private vulnerability reporting:
+
+1. Go to the **Security** tab of this repository
+2. Click **"Report a vulnerability"**
+3. Fill out the form with details
+
+I will respond within **48 hours** and work with you to understand and address the issue.
+
+### What to Include
+
+- Type of issue (e.g., XSS, SQL injection, authentication bypass)
+- Full paths of affected source files
+- Step-by-step instructions to reproduce
+- Proof-of-concept or exploit code (if possible)
+- Impact assessment and potential attack scenarios
+
+## Supported Versions
+
+Only the latest version receives security updates. Please always use the most recent release.
+
+## Security Best Practices for Contributors
+
+1. **Never commit secrets** — use environment variables
+2. **Validate all input** — especially from external sources
+3. **Keep dependencies updated** — Dependabot is enabled on this repo
+4. **Follow the principle of least privilege** in all code
+
+## Contact
+
+For security questions that aren't vulnerabilities, open a regular issue or reach out via the repository's Discussions tab.