docs: Apply feedback on security policy

Jade Ellis 2025-05-26 15:01:58 +01:00
parent 0ba77674c7
commit e8d823a653
No known key found for this signature in database
GPG key ID: 8705A2A3EBF77BD2


@ -12,16 +12,18 @@ We provide security updates for the following versions of Continuwuity:
| Main branch | ✅ |
| Older releases | ❌ |
We may backport fixes to the previous release at our discretion, but we don't guarantee this.
## Reporting a Vulnerability
### Responsible Disclosure
We appreciate the efforts of security researchers and the community in identifying and reporting vulnerabilities. To ensure that potential vulnerabilities are addressed properly, please follow these guidelines:
1. **Email the security team** directly at [security@continuwuity.org](mailto:security@continuwuity.org)
2. Contact members of the team over E2EE private message.
1. Contact members of the team over E2EE private message.
- [@jade:ellis.link](https://matrix.to/#/@jade:ellis.link)
- [@nex:nexy7574.co.uk](https://matrix.to/#/@nex:nexy7574.co.uk) <!-- ? -->
2. **Email the security team** directly at [security@continuwuity.org](mailto:security@continuwuity.org). This is not E2EE, so don't include sensitive details.
3. **Do not disclose the vulnerability publicly** until it has been addressed
4. **Provide detailed information** about the vulnerability, including:
- A clear description of the issue
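Review bot: the `<!-- ? -->` HTML comment left after the @nex:nexy7574.co.uk contact in the new E2EE list reads as an unresolved question about whether that contact should be listed; resolve it (confirm the handle or drop the entry) before merging, since the comment is invisible when rendered but stays in the source. Two smaller points in the same region: the new email line says "This is not E2EE, so don't include sensitive details", while item 4 still asks reporters to "Provide detailed information", which reads as contradictory for anyone who only has email; consider phrasing the email route as a way to initiate contact and request a secure channel, e.g. "Email the security team ... to arrange a secure channel; this mailbox is not E2EE, so don't include sensitive details." Also, the "Do not disclose the vulnerability publicly until it has been addressed" item sets no expectation of how long that may take; if the "What to Expect" section below gives a timeline, a short cross-reference here would help reporters.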
@ -30,6 +32,8 @@ We appreciate the efforts of security researchers and the community in identifyi
- Any possible mitigations
- Version(s) affected, including specific commits if possible
If you have any doubts about a potential security vulnerability, contact us via private channels first! We'd prefer that you bother us, instead of having a vulnerability disclosed without a fix.
### What to Expect
When you report a security vulnerability:
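Review bot: "contact us via private channels first" in this hunk is now ambiguous given the new caveat above that email is not E2EE; suggest pointing explicitly at the E2EE contacts, e.g. "contact us via the E2EE private messages listed above first", so a reporter with doubts is not steered toward the non-E2EE mailbox for details. The hunk header counts two added lines but no content change is visible here, so presumably only blank lines were inserted; that is fine as long as the blank line before "If you have any doubts" keeps the preceding bullet list rendering correctly.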