XanvicOS/SECURITY.md

24 lines
1.4 KiB
Markdown

# Security Policy
## What are the supported versions?
The supported version is the latest commit in the stable, and main branch.
If you want talk about a bug, vulnerability, or feature please make sure that you are on the latest release, beause maybe the issue has already been resolved or the feature has been added.
## Reporting a Vulnerability
Vulnerabilities are important, if you discover them, please report them immediately.
If you want to report it: create an issue, select vulnerability, read the template and edit it. Congratulations, you just reported a vulnerability!
## What order do we follow when fixing a vulnerability
We take vulnerabilities seriusly because they are security risks, but some vulnerabilities are more important and dangerous than others.
For this reason we have a n/10 scale in the vulnerability template.
We read every vulnerability, and fix them in order of importance.
## What security risks do I take when I use XanvicOS?
XanvicOS is just a hobby project. I try to fix all the bugs, but sometimes I don't discover some.
XanvicOS isn't being developed by a multi billion dollar company, but just by a student during his free time.
By using XanvicOS in a not controlled enviroment (like a VM) you basically accept the fact that by using it you are exposing yourself to some security risks.
If you find any, please report them. You'll help us.