|
| 1 | +# 🛡️ Security Policy |
| 2 | + |
| 3 | +## 📌 Supported Versions |
| 4 | + |
| 5 | +We aim to keep `Advanced-Discord-Bot` up to date and secure. Please see below for the versions we currently support with security updates. |
| 6 | + |
| 7 | +| Version | Supported | |
| 8 | +|---------|--------------------| |
| 9 | +| Latest | ✅ Yes | |
| 10 | +| Older | ❌ No | |
| 11 | + |
| 12 | +--- |
| 13 | + |
| 14 | +## 📬 Reporting a Vulnerability |
| 15 | + |
| 16 | +If you discover a security vulnerability, **please do not open an issue** on GitHub. |
| 17 | + |
| 18 | +Instead, follow these steps: |
| 19 | + |
| 20 | +1. **Email the maintainer directly** |
| 21 | +2. Include the following details: |
| 22 | + - Description of the vulnerability |
| 23 | + - Steps to reproduce (if possible) |
| 24 | + - Potential impact |
| 25 | + - Any mitigation or workaround suggestions |
| 26 | + |
| 27 | +⌛ We aim to respond to security reports **within 72 hours**. |
| 28 | + |
| 29 | +--- |
| 30 | + |
| 31 | +## 🚫 Responsible Disclosure Guidelines |
| 32 | + |
| 33 | +We ask that you: |
| 34 | +- Do not publicly disclose the issue until it has been resolved. |
| 35 | +- Avoid testing vulnerabilities in a way that could disrupt services. |
| 36 | +- Act in good faith and with respect for user data and privacy. |
| 37 | + |
| 38 | +--- |
| 39 | + |
| 40 | +## 📃 Disclosure Policy |
| 41 | + |
| 42 | +- We follow a **coordinated disclosure** approach. |
| 43 | +- We appreciate responsible reporting and will publicly disclose the issue only **after a fix has been released**. |
| 44 | + |
| 45 | +--- |
| 46 | + |
| 47 | +## ✅ Security Best Practices |
| 48 | + |
| 49 | +While using this project, we recommend you: |
| 50 | + |
| 51 | +- Always run software in a secure and isolated environment. |
| 52 | +- Keep your dependencies up to date. |
| 53 | +- Avoid sharing sensitive API keys or credentials in `.env` or other public files. |
| 54 | + |
| 55 | +--- |
| 56 | + |
| 57 | +## 🙏 Acknowledgments |
| 58 | + |
| 59 | +We value the contributions from the community and encourage responsible disclosure to help keep `Advanced-Discord-Bot` safe and secure for all users. |
| 60 | + |
| 61 | +--- |
| 62 | + |
| 63 | +## 🔒 Resources |
| 64 | + |
| 65 | +- [GitHub Security Advisories](https://docs.github.com/en/code-security/security-advisories) |
| 66 | +- [OpenSSF Best Practices](https://bestpractices.dev/) |
| 67 | +- [OWASP Top 10](https://owasp.org/www-project-top-ten/) |
0 commit comments