51 changes: 51 additions & 0 deletions SECURITY.md
@@ -0,0 +1,51 @@
# Security Policy

## Supported Versions

The following versions of **School Website** are currently supported with security updates:

| Version | Supported |
| ------- | ------------------ |
| main | βœ… Yes |

## Contact Details

To report a security vulnerability in **School Website**, please reach out via:

- πŸ‘€ Maintainer: [Sitaram8472](https://github.com/Sitaram8472)
- πŸ’¬ Sending a private message through social links listed in the profile

> Please **do not** open a public GitHub issue for security vulnerabilities.

## What to Include in Your Report

- A clear description of the vulnerability
- Steps to reproduce the issue
- Affected versions or components
- Potential impact assessment
- Any suggested fix (optional but appreciated)

## Expected Response Time

| Action | Timeframe |
| ----------------------------- | ----------------- |
| Acknowledgement of report | Within 48 hours |
| Status update | Within 7 days |
| Patch / fix release | Within 30 days |

## Responsible Disclosure Policy

We follow a **responsible disclosure** policy:

- Please report vulnerabilities **privately** before any public disclosure
- We request an **embargo period of 30 days** to investigate and patch the issue
- After a fix is released, you are welcome to publish your findings
- We will credit reporters in the patch notes unless anonymity is requested
- We deeply appreciate the efforts of security researchers πŸ™

## References

- [School Website Repository](https://github.com/Sitaram8472/School_Website)
- [GitHub Security Advisories Docs](https://docs.github.com/en/code-security/security-advisories)
- [Responsible Disclosure β€” OWASP](https://owasp.org/www-community/Vulnerability_Disclosure_Cheat_Sheet)
- [Adding a Security Policy to your repo](https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository)
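
Review bot: The two bullets under "## Contact Details" give a reporter no concrete private channel. The first is only a link to the maintainer's GitHub profile, and the second, "Sending a private message through social links listed in the profile", names no specific platform or address, so a reporter who is told not to open a public issue has nowhere definite to send the report. Suggest naming one monitored channel explicitly, for example a dedicated security e-mail address, or enabling GitHub private vulnerability reporting on the repository and pointing to the Security tab's "Report a vulnerability" form (the References section already links the Security Advisories docs). Two smaller points: the 30-day embargo under "## Responsible Disclosure Policy" equals the "Within 30 days" patch target in the response table, so the policy should say what happens if a fix takes longer than 30 days; and the emoji in the table and bullets show up as mis-encoded characters in this view, so it is worth confirming the file is committed as UTF-8.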