This policy outlines our commitment to maintaining the security of our project and provides guidance on supported versions and the process for reporting vulnerabilities. As we are in the early development phase (v0.1.1.3), this policy will be updated as the project evolves.
The table below specifies which versions of our project currently receive security updates:
| Version | Supported |
|---|---|
| 0.1.x | ✅ |
| < 0.1 | ❌ |
- Support for older versions will be periodically reviewed based on user adoption and identified security needs.
- Only the latest minor and patch releases within a supported major version will receive updates.
We value the responsible disclosure of vulnerabilities and strive to address issues promptly and transparently. Here is our process for reporting vulnerabilities:
- Email: security@nestos.cloud
- PGP Key: Link to PGP key for secure communication
Include the following details in your report:
- Affected version(s)
- A clear description of the issue
- Steps to reproduce the vulnerability
- Any potential impact or exploit scenarios
- Acknowledgment: We will confirm receipt of your report within 5 business days.
- Initial Assessment: An initial analysis or a request for more information will be provided within 15 business days.
- Resolution: A fix or mitigation plan will be communicated within 60 days, depending on the severity and complexity of the issue.
- We will work with you to establish a suitable timeline for public disclosure.
- Credit will be given for the discovery unless anonymity is requested.
Thank you for contributing to the security of our project. Your efforts are critical in helping us maintain a safe and reliable platform for all users.