From 8fed06360b3671ee5a23ce871fe9040670e789c9 Mon Sep 17 00:00:00 2001 From: Milton Moura Date: Wed, 18 Dec 2024 16:40:12 -0100 Subject: [PATCH] Add Security Policy Signed-off-by: Milton Moura --- SECURITY.md | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..3d63d428 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,26 @@ +# Security Policy + +Nordeck establishes a clear process for reporting and addressing security vulnerabilities in our supported products and systems. It fosters collaboration with researchers and stakeholders, ensuring issues are resolved promptly to protect our users and strengthen trust in our organization. + +## Supported Versions + +| Package | Version | Supported | +| ------------------------------------ | ------- | ------------------ | +| @matrix-widget-toolkit/api | >= 4.x | :white_check_mark: | +| @matrix-widget-toolkit/mui | >= 2.x | :white_check_mark: | +| @matrix-widget-toolkit/react | >= 2.x | :white_check_mark: | +| @matrix-widget-toolkit/testing | >= 3.x | :white_check_mark: | +| @matrix-widget-toolkit/widget-server | >= 1.x | :white_check_mark: | + +## Reporting a Vulnerability + +If you have discovered a security issue with our products, please submit a report to security@nordeck.net, with the following information: + +- Your contact email address +- The vulnerability description +- The steps to reproduce it and a proof of concept +- The assumed impact and recommended fix + +Nordeck does not provide compensation in exchange for information pertaining to security vulnerabilities under this policy. We may choose not to pursue, contact, or otherwise interact with reporters who decline to identify themselves when making the report. We will deal in good faith with reporting parties who comply with these guidelines. We may choose to disregard submissions by parties who submit a high volume of low-quality reports. + +For more detailed information, please read Nordeck's full [Vulnerability Disclosure Policy](https://github.com/nordeck/.github/blob/main/SECURITY.md).
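
Review bot: The "Reporting a Vulnerability" section asks reporters to send reproduction steps and a proof of concept to security@nordeck.net, but it offers no confidential channel and does not tell reporters to keep the issue out of the public tracker. Consider adding a PGP key (or its fingerprint and where to fetch it) or a pointer to GitHub's private vulnerability reporting for this repository, plus one sentence asking reporters not to open public issues or pull requests for security problems. This file also gives no acknowledgement or response timeframe; if the linked Vulnerability Disclosure Policy defines one, a short line repeating it here would save reporters a click. In the "Supported Versions" table, `>= 4.x` mixes a range operator with a wildcard, so it is unclear whether every release from 4.0 onward receives fixes or only the latest major. Wording such as "4.x and later", or an explicit row marking older majors as unsupported, would remove the ambiguity.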