|
2 | 2 |
|
3 | 3 | ## Reporting a Vulnerability
|
4 | 4 |
|
5 |
| -Report the bug to aryan@sendai.fun and dev@sendai.fun with full details, do not create an issue for it |
| 5 | +We take the security of our software seriously. If you believe you have found a security vulnerability, please report it to us following these guidelines: |
| 6 | + |
| 7 | +### Reporting Process |
| 8 | + |
| 9 | +1. **DO NOT** create a public GitHub issue for the vulnerability |
| 10 | +2. Email your findings to: |
| 11 | + - Primary: aryan@sendai.fun |
| 12 | + - Secondary: dev@sendai.fun |
| 13 | + |
| 14 | +### What to Include |
| 15 | + |
| 16 | +Please include the following information in your report: |
| 17 | + |
| 18 | +- A clear description of the vulnerability |
| 19 | +- Steps to reproduce the issue |
| 20 | +- Affected versions |
| 21 | +- Any potential impacts |
| 22 | +- Optional: Suggested fixes or mitigations |
| 23 | + |
| 24 | +### Response Timeline |
| 25 | + |
| 26 | +- We will acknowledge receipt of your vulnerability report within 48 hours |
| 27 | +- We aim to send a more detailed response within 5 business days |
| 28 | +- We will keep you informed of our progress throughout the process |
| 29 | + |
| 30 | +### Security Updates |
| 31 | + |
| 32 | +Security updates will be released as soon as possible after we have confirmed and fixed the vulnerability. Updates will be published through: |
| 33 | + |
| 34 | +- GitHub releases |
| 35 | +- Security advisories |
| 36 | +- Email notifications to affected parties (if applicable) |
| 37 | + |
| 38 | +## Supported Versions |
| 39 | + |
| 40 | +As an open-source project under the Apache 2.0 license, we focus our security updates on the latest stable release. While you're free to use any version as per the Apache 2.0 license terms, we strongly recommend using the most recent version for the best security posture. |
| 41 | + |
| 42 | +| Version | Security Updates | |
| 43 | +| ------- | --------------- | |
| 44 | +| Latest Release | ✅ Active | |
| 45 | +| Previous Releases | ⚠️ Use at your own risk | |
| 46 | + |
| 47 | +Note: The Apache 2.0 license comes with NO WARRANTIES or CONDITIONS of any kind, either express or implied. Users are responsible for their own security assessment when using any version of this software. |
| 48 | + |
| 49 | +## Security Best Practices |
| 50 | + |
| 51 | +When using this software, please follow these security best practices: |
| 52 | +- Keep your private keys secure and never share them |
| 53 | +- Regularly update to the latest version |
| 54 | +- Review transaction details before signing |
| 55 | +- Use appropriate access controls in production environments |
| 56 | + |
| 57 | +## Bug Bounty Program |
| 58 | + |
| 59 | +Currently, we do not offer a bug bounty program. However, we greatly appreciate responsible disclosure of security vulnerabilities. |
| 60 | + |
| 61 | +## License |
| 62 | + |
| 63 | +This security policy is part of our project licensed under [Apache 2.0](LICENSE). |
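
Review bot: The Reporting Process section (new lines 9-12) offers only two plain e-mail addresses, one of which appears to be an individual's mailbox, and gives reporters no confidential channel. Since the Security Updates section already lists "Security advisories" as a publication route, consider enabling GitHub private vulnerability reporting and naming it here, or publishing a PGP key for the listed addresses, and routing the primary contact to a role alias so that intake does not depend on one person. Three smaller points in the same hunk: the Supported Versions table says only "Latest Release" while "What to Include" asks for "Affected versions", so stating how the latest release is identified (a tag or version number) would let reporters check whether they are in scope; the Response Timeline covers acknowledgement (48 hours) and a detailed response (5 business days) but says nothing about when the reporter may disclose publicly, which a coordinated-disclosure policy normally states; and a blank line is missing between "please follow these security best practices:" and the first list item (new lines 51-52), which some Markdown renderers need in order to start the list.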