Create SECURITY.md

DOodle25 · Nov 6, 2024 · 9f330bd · 9f330bd
1 parent 9190eb0
commit 9f330bd
Showing 1 changed file with 30 additions and 0 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,30 @@
+# Security Policy
+
+## Supported Versions
+
+The following versions of SyncUp are currently supported with security updates:
+
+| Version | Supported          |
+| ------- | ------------------ |
+| v1.0.0  | :white_check_mark: |
+| v1.0.2  | :x:                |
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability in SyncUp, we encourage you to help us improve the project by following the steps below:
+
+1. **Please do not publicly disclose the vulnerability** until we have had a chance to address it.
+2. Send an email to [[email protected]](mailto:[email protected]) with the details of the vulnerability. Include:
+   - A clear description of the issue
+   - Steps to reproduce the vulnerability
+   - Any relevant screenshots or code snippets
+3. We will respond to your report as soon as possible to discuss the next steps.
+
+## Security Best Practices
+
+While contributing or using SyncUp, we encourage following these security best practices:
+- **Do not expose sensitive information** (like API keys, JWT secrets) in your code or commits.
+- Always **use environment variables** for sensitive data.
+- Use **strong passwords** for all user accounts and ensure data is transmitted securely (e.g., via HTTPS).
+
+Your help in identifying and responsibly disclosing vulnerabilities is greatly appreciated!