Merge pull request #656 from OWASP/security-reporting

Create SECURITY.md
OWASP · Mar 1, 2023 · ba2d376 · ba2d376
2 parents b28cd0d + 522ffbe
commit ba2d376
Showing 1 changed file with 17 additions and 0 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,17 @@
+# Security Policy
+
+## Supported Versions
+
+We only provide security updates for the latest version that has been released. See our [Release page](https://github.com/OWASP/wrongsecrets/releases)
+The "support latest only" holds both for WrongSecrets and WrongSecrets-CTF-party.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| latest  | :white_check_mark: |
+| <before | :x:                |
+
+## Reporting a Vulnerability
+
+Please use Slack to report a vulnerability in the [#project-wrongsecrets](https://owasp.slack.com/archives/C02KQ7D9XHR) channel. You can register for the OWASP Slack [here](https://owasp.org/slack/invite). Given this is a p0wnable app, we do not have any bug bounty or rewards for you ;-).
+
+Given the project is ran by volunteers, we intend to respond within a week.