diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..c554af4 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,60 @@ +Here is a professional and project-tailored Security Policy for your Universal Physics Hub repository. This version is clear, actionable, and matches open-source best practices for a project focused on interactive educational physics simulations. + +--- + +# Security Policy + +## Supported Versions + +The following table shows which versions of Universal Physics Hub are currently supported with security updates: + +| Version | Supported | +| ------- | ------------------ | +| 5.1.x | :white_check_mark: | +| 5.0.x | :x: | +| 4.0.x | :white_check_mark: | +| < 4.0 | :x: | + +Only the listed versions above receive security updates. Please upgrade to a supported version to ensure you are protected against vulnerabilities. + +## Reporting a Vulnerability + +We take security seriously and appreciate your help in keeping Universal Physics Hub and its users safe. + +**How to Report** + +- Please report security vulnerabilities by emailing us at [sourav.xcd@gmailcom] or by opening a private security advisory on GitHub (recommended). +- Do **not** disclose security issues publicly until they have been addressed and a fix is released. + +**What to Include** + +- A detailed description of the vulnerability. +- Steps to reproduce the issue. +- Any relevant logs, screenshots, or proof-of-concept code. +- Your contact information for follow-up. + +**Response Process** + +- You will receive an initial acknowledgment within 3 business days. +- We will investigate and provide updates at least once per week while the issue is being resolved. +- Once a fix is identified, we will coordinate a release and disclosure timeline with you. +- Credit will be given to reporters unless you request anonymity. + +**Scope** + +Universal Physics Hub is a React-based educational platform. Please focus reports on vulnerabilities that could impact user data, simulation integrity, code execution, or service availability. 
+ +**Out of Scope** + +- Vulnerabilities in third-party dependencies (unless they impact Universal Physics Hub directly). +- Social engineering or physical attacks. +- Issues in outdated, unsupported versions. + +**Stay Up-to-Date** + +- Always use the latest supported version for the best security. +- Follow our [release notes](https://github.com/morningstarxcdcode/Universal-Physics-Hub/releases) for updates and advisories. + +--- + +If you have further requirements or a specific contact method, let me know and I can refine this further!
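Review bot: The contact address in the "How to Report" bullet, `[sourav.xcd@gmailcom]`, is missing the dot before `com` and sits in square brackets with no link target, so a report sent to it as written will not reach anyone; fix the domain and give it as a plain address or a `mailto:` link. The file also opens with "Here is a professional and project-tailored Security Policy for your Universal Physics Hub repository." and closes with "If you have further requirements or a specific contact method, let me know and I can refine this further!", both addressed to the file's author rather than to readers of the policy; drop those two paragraphs and their `---` rules so the file starts at `# Security Policy`. In the Supported Versions table, 5.0.x is marked unsupported while the older 4.0.x is marked supported; please confirm the rows match the project's actual release lines before merging.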