Commit 15fd303

Update SECURITY.md
1 parent 926b43a commit 15fd303

1 file changed

Lines changed: 52 additions & 3 deletions

SECURITY.md

@@ -1,11 +1,60 @@
11
# Security Policy
22

3+
> [!NOTE]
4+
> NETworkManager is a free, open-source project maintained in my spare time. There is **no warranty**, **no paid support**, and **no guaranteed response time**. I do my best to address security issues, but please understand that fixes depend on my available free time.
5+
36
## Supported Versions
47

5-
Only the current version (main) is supported.
8+
Only the latest release is considered for security fixes. Please ensure you are using the most recent version before reporting a vulnerability.
9+
10+
| Version | Supported |
11+
| ------- | ------------------ |
12+
| Latest | :white_check_mark: |
13+
| Older | :x: |
614

715
## Reporting a Vulnerability
816

9-
Contact me via [GitHub Security Advisory](https://github.com/BornToBeRoot/NETworkManager/security/advisories/new) with a detailed description of the vulnerability and how to reproduce it.
17+
> [!IMPORTANT]
18+
> Please **do not** open a public GitHub issue for security vulnerabilities.
19+
20+
If you discover a security vulnerability in NETworkManager, please report it responsibly through [GitHub Security Advisory](https://github.com/BornToBeRoot/NETworkManager/security/advisories/new).
21+
22+
### What to Include
23+
24+
To help us triage and resolve the issue quickly, please provide:
25+
26+
- A clear description of the vulnerability
27+
- Steps to reproduce the issue
28+
- Affected version(s)
29+
- Potential impact (e.g., data exposure, remote code execution)
30+
- Any suggested fixes or mitigations (optional)
31+
32+
### What to Expect
33+
34+
This project is maintained on a **best-effort basis** in my free time. That said, I take security seriously and will do my best to:
35+
36+
- Acknowledge your report as soon as I can.
37+
- Work on a fix or mitigation when time permits.
38+
- Credit you in the release notes (unless you prefer to remain anonymous).
39+
40+
Please be patient — there are no guaranteed timelines.
41+
42+
### Scope
43+
44+
The following are in scope for security reports:
45+
46+
- NETworkManager application code (all modules in `Source/`)
47+
- Profile encryption and credential handling
48+
- Network communication and protocol implementations
49+
- Installer and update mechanisms
50+
- Dependencies shipped with the application
51+
52+
The following are **out of scope**:
53+
54+
- Third-party tools launched by NETworkManager (e.g., PuTTY, TigerVNC)
55+
- The documentation website ([borntoberoot.net/NETworkManager](https://borntoberoot.net/NETworkManager))
56+
- Social engineering attacks
57+
58+
## Code Signing
1059

11-
I will try to fix it and publish an update ASAP!
60+
Official releases are signed via [SignPath.io](https://signpath.io/) through the [SignPath Foundation](https://signpath.org/). Always verify that you are using a signed binary from the official [GitHub Releases](https://github.com/BornToBeRoot/NETworkManager/releases) page or a trusted package manager (`winget`, `choco`).
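
Review bot: The new Code Signing paragraph at the end of the hunk tells readers to "Always verify that you are using a signed binary" but names neither the publisher that should appear on the signature nor how to check it, so a reader cannot tell an official signature from any other valid one. Suggest stating the expected signer name and adding one sentence on how to inspect the signature before running the installer. Two smaller points in the same hunk: in Scope, "Dependencies shipped with the application" (in scope) and "Third-party tools launched by NETworkManager" (out of scope) can overlap for a tool that is both bundled and launched, so say which list takes precedence; and under Supported Versions, "Only the latest release" and the `Latest` table row do not say whether pre-releases count.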
