From 387ff5fa0fe366610cd0afe059ec85b5a064717c Mon Sep 17 00:00:00 2001 From: Jeroen Boersma Date: Thu, 19 Feb 2026 10:33:41 +0100 Subject: [PATCH] Create SECURITY.md for vulnerability reporting Added a security policy document outlining vulnerability reporting, response timelines, and commitment to security. --- SECURITY.md | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..eefdfce --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,36 @@ +# Security Policy + +## Reporting a Vulnerability + +If you believe you've found a security vulnerability in this project, we encourage you to let us know. +Please report it by emailing us at [security@hyva.io](mailto:security@hyva.io). +We take security seriously and will respond as quickly as possible. + +## Bug Bounty Program + +Please note that we do not have a paid bug bounty program at this time. However, we appreciate your efforts in helping us keep our project secure. + +## Guidelines for Reporting + +When reporting a vulnerability, please include the following information: +- A clear description of the vulnerability. +- Steps to reproduce the issue. +- Any relevant screenshots or logs. +- Your contact information (optional) for follow-up questions. + +## Response Timeline + +We aim to acknowledge your report within 5 business days. Please note that complexity may affect the time it takes to fix the issue, and there is no fixed deadline for resolutions. + +## Disclosure Policy + +We will determine public disclosure timelines on a case-by-case basis once an issue has been resolved. Our goal is to balance transparency with user safety. + +## Our Commitment + +We commit to: +- Acknowledging your report promptly. +- Investigating all reported vulnerabilities thoroughly. +- Keeping you updated on our progress towards fixing the issue. + +Thank you for helping us maintain the security of our project!
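Review bot: In "Reporting a Vulnerability", security@hyva.io is the only channel offered and nothing tells reporters to keep the issue out of public issue trackers, while "Guidelines for Reporting" asks for reproduction steps and logs that would then travel as plain e-mail. Suggest adding a line asking reporters not to open public issues for security problems, and offering an encrypted option (a published PGP key or a private reporting form) for the details. In "Disclosure Policy", the timeline is only decided "once an issue has been resolved", so a reporter has no stated expectation for the period before a fix exists; it would help to ask explicitly that findings stay private until a fix is released and to say whether reporters are credited. The document also does not say which versions receive security fixes, and "Acknowledging your report promptly" under "Our Commitment" could restate the 5 business days from "Response Timeline" so the two sections agree.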