feat: udpate security policy docs (toeverything#5927)

donteatfriedrice · Feb 28, 2024 · 82f21ac · 82f21ac
1 parent d7ff7a3
commit 82f21ac
Showing 1 changed file with 29 additions and 0 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,29 @@
+# Security Policy
+
+## Supported Versions
+
+We recommend users to always use the latest major version. Security updates will be provided for the current major version until the next major version is released.
+
+| Version         | Supported          |
+| --------------- | ------------------ |
+| 0.12.x (stable) | :white_check_mark: |
+| < 0.12.x        | :x:                |
+
+## Reporting a Vulnerability
+
+We welcome you to provide us with bug reports via and email at [[email protected]](mailto:[email protected]). We expect your report to contain at least the following for us to evaluate and reproduce:
+
+1. Using platform and version, for example:
+
+   - macos arm64 0.12.0-canary-202402220729-0868ac6
+   - app.affine.pro 0.12.0-canary-202402220729-0868ac6
+
+2. A sets of video or screenshot containing the reproduce steps that proves you successfully exploited the vulnerability, preferably including the time and software version of the successful exploit.
+
+3. Your classification or analysis of the vulnerability (optional)
+
+Since we are an open source project, we also welcome you to provide corresponding fix PRs.
+
+We will provide bounties for vulnerabilities involving user information leakage, permission leakage, and unauthorized code execution. For other types of vulnerabilities, we will determine specific rewards based on the evaluation results.
+
+If the vulnerability is caused by a library we depend on, we encourage you to submit a security report to the corresponding dependent library at the same time to benefit more users.