From 07ee9500dc86160906b1e21a04164d1579c46e7c Mon Sep 17 00:00:00 2001 From: VinceAle7082 Date: Sat, 28 Sep 2024 22:39:59 +0200 Subject: [PATCH] Better security policy --- SECURITY.md | 28 ++++++++++++++++++---------- 1 file changed, 18 insertions(+), 10 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 24e60fc..5e22d09 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,15 +1,23 @@ # Security Policy -## Supported Versions - -These are the supported versions: - -| Version | Supported | -| ------- | ------------------ | -| All | :white_check_mark: | -| Not All | :x: | - +## What are the supported versions? +The supported version is the latest commit in the stable, and main branch. +If you want talk about a bug, vulnerability, or feature please make sure that you are on the latest release, beause maybe the issue has already been resolved or the feature has been added. ## Reporting a Vulnerability -Create an Issue, select vulnerability, write about it and congratulations, you reported a vulnerability! +Vulnerabilities are important, if you discover them, please report them immediately. +If you want to report it: create an issue, select vulnerability, read the template and edit it. Congratulations, you just reported a vulnerability! + +## What order do we follow when fixing a vulnerability + +We take vulnerabilities seriusly because they are security risks, but some vulnerabilities are more important and dangerous than others. +For this reason we have a n/10 scale in the vulnerability template. +We read every vulnerability, and fix them in order of importance. + +## What security risks do I take when I use XanvicOS? + +XanvicOS is just a hobby project. I try to fix all the bugs, but sometimes I don't discover some. +XanvicOS isn't being developed by a multi billion dollar company, but just by a student during his free time. +By using XanvicOS in a not controlled enviroment (like a VM) you basically accept the fact that by using it you are exposing yourself to some security risks. +If you find any, please report them. You'll help us.