Created SECURITY.md ⛓️

rabisnaqvi · May 21, 2023 · a4b3157 · a4b3157
1 parent 6eac140
commit a4b3157
Showing 1 changed file with 53 additions and 0 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,53 @@
+# Security Policy
+
+## Reporting Security Issues
+
+At Astral.js, we take security vulnerabilities and concerns seriously. We appreciate your efforts to responsibly disclose any potential vulnerabilities you discover to us.
+
+To report a security issue, please email us at [rabisnaqvi@gmail.com](mailto:rabisnaqvi@gmail.com). We will work with you to investigate and address the issue promptly.
+
+We kindly request that you refrain from publicly disclosing vulnerabilities until we have had the opportunity to review and address them.
+
+## Supported Versions
+
+The following table lists the versions of Astral.js that are currently supported with security updates. If your version is not listed, it means it has reached end-of-life and no longer receives security patches.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.x.x   | :white_check_mark: |
+| 0.x.x   | :x:                |
+
+We encourage you to upgrade to a supported version if you are using an older, unsupported release.
+
+## Security Best Practices
+
+To ensure the security of your applications using Astral.js, we recommend following these best practices:
+
+- **Keep your dependencies up to date:** Regularly update Astral.js to the latest version as it may include security patches and bug fixes.
+- **Implement input validation and sanitization:** Validate and sanitize all user input to prevent security vulnerabilities such as XSS (Cross-Site Scripting) and SQL injection attacks.
+- **Use secure communication channels:** When transmitting sensitive data, make sure to use secure communication channels such as HTTPS to protect against eavesdropping and data tampering.
+- **Follow secure coding practices:** Adhere to secure coding practices, such as proper data encryption, secure session management, and user authentication and authorization.
+- **Stay informed about security updates:** Subscribe to Astral.js's release notifications and security advisories to stay informed about the latest security updates and vulnerabilities.
+
+## Vulnerability Disclosure Process
+
+When a security vulnerability is reported to us, we follow a structured process to ensure timely handling and resolution:
+
+1. **Report submission:** Report the vulnerability to us via email at [rabisnaqvi@gmail.com](mailto:rabisnaqvi@gmail.com).
+2. **Acknowledgment:** We will acknowledge your report within 8 business days and provide you with details of our internal review process.
+3. **Investigation and verification:** Our security team will investigate and verify the reported vulnerability.
+4. **Resolution and patching:** Once verified, we will develop a fix for the vulnerability and release a patch.
+5. **Public disclosure:** We will work with you to determine an appropriate timeline for public disclosure after the vulnerability has been resolved.
+
+We greatly appreciate your assistance in disclosing any security vulnerabilities responsibly and cooperating with us throughout the resolution process.
+
+## Bug Bounty Program
+
+At this time, we do not offer a bug bounty program. However, we genuinely appreciate and recognize the efforts of security researchers in responsibly disclosing vulnerabilities to us.
+
+## Contact
+
+If you have any further questions or need to contact us regarding security-related matters, please email us at [rabisnaqvi@gmail.com](mailto:rabisnaqvi@gmail.com).
+
+Thank you for helping us keep Astral.js secure!
+