Create SECURITY.md #18
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| @@ -0,0 +1,60 @@ | ||||||||||||||
| Here is a professional and project-tailored Security Policy for your Universal Physics Hub repository. This version is clear, actionable, and matches open-source best practices for a project focused on interactive educational physics simulations. | ||||||||||||||
|
There was a problem hiding this comment. This introductory sentence appears to be a conversational note from a template or generator and is not part of the formal security policy. It should be removed to keep the document professional and focused. |
||||||||||||||
|
|
||||||||||||||
| --- | ||||||||||||||
|
|
||||||||||||||
| # Security Policy | ||||||||||||||
|
|
||||||||||||||
| ## Supported Versions | ||||||||||||||
|
|
||||||||||||||
| The following table shows which versions of Universal Physics Hub are currently supported with security updates: | ||||||||||||||
|
|
||||||||||||||
| | Version | Supported | | ||||||||||||||
| | ------- | ------------------ | | ||||||||||||||
| | 5.1.x | :white_check_mark: | | ||||||||||||||
| | 5.0.x | :x: | | ||||||||||||||
| | 4.0.x | :white_check_mark: | | ||||||||||||||
| | < 4.0 | :x: | | ||||||||||||||
|
Comment on lines
+13
to
+16
There was a problem hiding this comment. The versions listed in the 'Supported Versions' table (e.g.,
Suggested change
|
||||||||||||||
|
|
||||||||||||||
| Only the listed versions above receive security updates. Please upgrade to a supported version to ensure you are protected against vulnerabilities. | ||||||||||||||
|
|
||||||||||||||
| ## Reporting a Vulnerability | ||||||||||||||
|
|
||||||||||||||
| We take security seriously and appreciate your help in keeping Universal Physics Hub and its users safe. | ||||||||||||||
|
|
||||||||||||||
| **How to Report** | ||||||||||||||
|
|
||||||||||||||
| - Please report security vulnerabilities by emailing us at [sourav.xcd@gmailcom] or by opening a private security advisory on GitHub (recommended). | ||||||||||||||
|
There was a problem hiding this comment. The email address is missing a dot before 'com'. It should be 'sourav.xcd@gmail.com'.
Suggested change
There was a problem hiding this comment. There appears to be a typo in the email address (
Suggested change
|
||||||||||||||
| - Do **not** disclose security issues publicly until they have been addressed and a fix is released. | ||||||||||||||
|
|
||||||||||||||
| **What to Include** | ||||||||||||||
|
|
||||||||||||||
| - A detailed description of the vulnerability. | ||||||||||||||
| - Steps to reproduce the issue. | ||||||||||||||
| - Any relevant logs, screenshots, or proof-of-concept code. | ||||||||||||||
| - Your contact information for follow-up. | ||||||||||||||
|
|
||||||||||||||
| **Response Process** | ||||||||||||||
|
|
||||||||||||||
| - You will receive an initial acknowledgment within 3 business days. | ||||||||||||||
| - We will investigate and provide updates at least once per week while the issue is being resolved. | ||||||||||||||
| - Once a fix is identified, we will coordinate a release and disclosure timeline with you. | ||||||||||||||
| - Credit will be given to reporters unless you request anonymity. | ||||||||||||||
|
|
||||||||||||||
| **Scope** | ||||||||||||||
|
|
||||||||||||||
| Universal Physics Hub is a React-based educational platform. Please focus reports on vulnerabilities that could impact user data, simulation integrity, code execution, or service availability. | ||||||||||||||
|
|
||||||||||||||
| **Out of Scope** | ||||||||||||||
|
|
||||||||||||||
| - Vulnerabilities in third-party dependencies (unless they impact Universal Physics Hub directly). | ||||||||||||||
| - Social engineering or physical attacks. | ||||||||||||||
| - Issues in outdated, unsupported versions. | ||||||||||||||
|
|
||||||||||||||
| **Stay Up-to-Date** | ||||||||||||||
|
|
||||||||||||||
| - Always use the latest supported version for the best security. | ||||||||||||||
| - Follow our [release notes](https://github.com/morningstarxcdcode/Universal-Physics-Hub/releases) for updates and advisories. | ||||||||||||||
|
|
||||||||||||||
| --- | ||||||||||||||
|
|
||||||||||||||
| If you have further requirements or a specific contact method, let me know and I can refine this further! | ||||||||||||||
|
There was a problem hiding this comment. This line appears to be a personal note or instruction rather than part of the security policy. It should be removed from the formal document.
Suggested change
There was a problem hiding this comment. This closing sentence appears to be a conversational note and should be removed from the final policy document. |
||||||||||||||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This line appears to be instructions or comments rather than part of the actual security policy. It should be removed as it's not appropriate for a formal SECURITY.md document.