From f559fb01266b3ccf568868190067b868242a863d Mon Sep 17 00:00:00 2001 From: Jeroen Willemsen Date: Tue, 28 Feb 2023 20:12:28 +0100 Subject: [PATCH 1/2] Create SECURITY.md --- SECURITY.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..099dda474 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,15 @@ +# Security Policy + +## Supported Versions + +Use this section to tell people about which versions of your project are +currently being supported with security updates. + +| Version | Supported | +| ------- | ------------------ | +| 1.5.14 | :white_check_mark: | +| <1.5.14 | :x: | + +## Reporting a Vulnerability + +Please use Slack to report a vulnerability in the channel. Given this is a p0wnable app, we do not have any bug bounty or rewards for you ;-). From 522ffbe3aca4ef41e5437fcc9f5ed1e73039bb5e Mon Sep 17 00:00:00 2001 From: Jeroen Willemsen Date: Wed, 1 Mar 2023 22:40:43 +0100 Subject: [PATCH 2/2] feat(security-reporting): Added channel, and less version dependen text --- SECURITY.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 099dda474..d35d2fa06 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -2,14 +2,16 @@ ## Supported Versions -Use this section to tell people about which versions of your project are -currently being supported with security updates. +We only provide security updates for the latest version that has been released. See our [Release page](https://github.com/OWASP/wrongsecrets/releases) +The "support latest only" holds both for WrongSecrets and WrongSecrets-CTF-party. | Version | Supported | | ------- | ------------------ | -| 1.5.14 | :white_check_mark: | -| <1.5.14 | :x: | +| latest | :white_check_mark: | +|