From c80d63a154d7ec834f62d6f7e9ef9f9140227dfe Mon Sep 17 00:00:00 2001 From: Ivan Carlos Date: Mon, 22 Dec 2025 00:32:18 +0000 Subject: [PATCH] Upload files to "/" --- SECURITY.md | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..3de89ef --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,29 @@ +# Security Guidelines + +## How We Manage Security for This Project + +We take security seriously and want to ensure that we maintain a secure environment for everyone, and that we also provide secure solutions for commercial clients and the open-source community. To help us achieve these goals, please note the following before using this software: + +- Review the software license to understand our obligations in terms of warranties and suitability for purpose. +- For any questions or concerns about security, you can reach out directly to us at ivan@ivancarlos.com.br. +- We request that you work with our security team and opt for responsible disclosure using the guidelines below. +- At this moment, there is no Bug Bounty Program for this open-source repository. +- We enforce SLAs on our security team and software engineers to remediate security bugs in a timely manner. +- All security-related issues and pull requests you make should be tagged with "security" for easy identification. +- Please monitor this repository and update your environment in a timely manner as we release patches and updates. + +## Responsibly Disclosing Security Bugs + +If you find a security bug in this repository, please work with us following responsible disclosure principles and these guidelines: + +- Do not submit a normal issue or pull request in our public repository; instead, report through our Bug Bounty or directly to ivan@ivancarlos.com.br. + - If you would like to report anonymously, please report an incident security from [here](https://suporte.ivancarlos.com.br/hc/en-us/requests/new?ticket_form_id=14037905372301) or check secure communication platforms like Signal or Telegram [here](https://ivancarlos.me). +- We will review your submission and may follow up for additional details. 
+- If you have a patch, we will review it and approve it privately; once approved for release, you can submit it as a pull request publicly in our repos (we give credit where credit is due). +- We will keep you informed during our investigation; feel free to check in for a status update. +- We will release the fix and publicly disclose the issue as soon as possible, but want to ensure we do proper due diligence before releasing. +- Please do not publicly blog or post about the security issue until after we have updated the public repo so that other downstream users have an opportunity to patch. + +## Contact + +If you have any questions, please reach out directly to us at ivan@ivancarlos.com.br.
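Review bot: The first bullet under "Responsibly Disclosing Security Bugs" tells reporters to "report through our Bug Bounty", but the list above it states "there is no Bug Bounty Program for this open-source repository"; drop the Bug Bounty reference so the private channels named are only the e-mail address and the anonymous request form. The same bullet asks reporters not to submit a normal issue or pull request in the public repository, while the first list asks that all security-related issues and pull requests be tagged with "security"; state that the tag applies only to the public pull request submitted after private approval, or remove that bullet, otherwise a reporter can read it as an invitation to file an unpatched bug publicly. In the anonymous-reporting sub-bullet, "report an incident security from [here]" should read "report a security incident", and both links would be clearer with text that names the destination instead of "here". The SLA bullet promises remediation "in a timely manner" without an acknowledgement or fix timeframe, so a reporter cannot tell when a follow-up is reasonable; consider stating one.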