Add SECURITY.md for security policies and reporting
parent 2c2060248d
commit 3280bd57c6
|
@ -0,0 +1,26 @@
|
|||
## Project64 Security Policy
|
||||
|
||||
**Reporting a Vulnerability**
|
||||
|
||||
If you discover any security vulnerabilities within the Project64 codebase, we encourage you to report them responsibly. Please email details of your findings to [INSERT DEDICATED SECURITY EMAIL ADDRESS HERE]. To help us effectively address the issue, please include as much relevant information as possible, such as:
|
||||
|
||||
* A clear description of the vulnerability.
|
||||
* Steps to reproduce the vulnerability.
|
||||
* The specific version(s) of Project64 affected.
|
||||
* Potential impact of the vulnerability.
|
||||
|
||||
We appreciate your efforts in identifying and reporting security issues, which helps us to maintain the safety and integrity of Project64 for our users. We will work to acknowledge your report in a timely manner and keep you informed about our progress in addressing the vulnerability.
|
||||
|
||||
**Embargo Period and Disclosure**
|
||||
|
||||
We kindly request that researchers honor a reasonable embargo period to allow the Project64 maintainers time to investigate, develop fixes, and coordinate the release of patches. The duration of this embargo may vary depending on the severity and complexity of the vulnerability. We will communicate the expected timeline to you upon receiving your report. Coordinated disclosure ensures that our users have the necessary updates before vulnerability details become public.
|
||||
|
||||
**Sensitive Vulnerabilities and Secure Communication**
|
||||
|
||||
For vulnerabilities of a more sensitive nature that may require heightened security during communication, we are open to using more secure channels. If you believe your findings warrant this level of precaution, please mention this in your initial email to [INSERT DEDICATED SECURITY EMAIL ADDRESS HERE]. We can then discuss and establish a mutually agreeable secure communication method, such as Signal or another encrypted platform.
|
||||
|
||||
**Contributing to Security Research**
|
||||
|
||||
We encourage community involvement in enhancing the security of Project64. A great way to contribute is by exploring the codebase and identifying potential weaknesses. When conducting security research, we ask that you respect the stability and integrity of any systems you are testing against. If you inadvertently discover a vulnerability that you suspect has provided unauthorized access to a system, please immediately cease your activity and report it to [INSERT DEDICATED SECURITY EMAIL ADDRESS HERE].
|
||||
|
||||
Thank you for helping us keep Project64 secure!
|
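Review bot: The reporting address is still the template placeholder "[INSERT DEDICATED SECURITY EMAIL ADDRESS HERE]" in all three places it appears (Reporting a Vulnerability, Sensitive Vulnerabilities and Secure Communication, Contributing to Security Research), so as committed the policy gives a reporter no way to reach the maintainers privately. Fill in the real contact before this lands, and consider defining it once near the top and referring back to it so the three copies cannot drift apart. Two smaller points: "in a timely manner" and "a reasonable embargo period" give a reporter nothing to plan around, so a stated acknowledgement window and a default embargo length would help even if both remain negotiable; and the Contributing to Security Research paragraph speaks of "systems you are testing against" and "unauthorized access to a system", which should either name the systems that are in scope or be reworded to match the "Project64 codebase" scope used in the first section.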