SECURITY.md

SECURITY.md

@@ -0,0 +1,45 @@
+# Security Policy
+
+## Supported Versions
+
+Currently supported versions of NeatShift:
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.0.0   | :white_check_mark: |
+| < 1.0   | :x:                |
+
+## Reporting a Vulnerability
+
+We take security seriously at NeatShift. If you discover a security vulnerability, please follow these steps:
+
+1. **Do Not** create a public GitHub issue
+2. Email your findings to [email protected]
+3. Include:
+   - A brief description of the vulnerability
+   - Steps to reproduce
+   - Potential impact
+   - Suggestions for fixing (if any)
+
+### What to Expect
+
+- **Initial Response**: Within 48 hours
+- **Status Update**: Within 1 week
+- **Resolution Timeline**: Typically within 2 weeks
+
+### Process
+
+1. **Acknowledgment**: You'll receive confirmation of your report
+2. **Investigation**: We'll investigate and validate the issue
+3. **Updates**: We'll keep you informed of our progress
+4. **Resolution**: Once fixed, we'll notify you and discuss public disclosure
+
+### Public Disclosure
+
+- Security issues will be disclosed after a fix is available
+- You'll be credited for the discovery (unless you prefer to remain anonymous)
+- We follow a 90-day disclosure timeline from fix to public announcement
+
+### Safe Harbor
+
+We consider security research conducted under this policy as authorized conduct and will not initiate legal action for accidental violations of this policy.