Update SECURITY.md with detailed instructions for security vuln reports

2025-07-04 00:53:37 -05:00 · 2025-07-04 00:53:37 -05:00 · ebf2b0c1fa
parent ae425241c5
commit ebf2b0c1fa
1 changed files with 31 additions and 3 deletions
--- a/SECURITY.md
+++ b/SECURITY.md
@ -4,9 +4,37 @@

 The X11Libre project takes security seriously. If you discover any vulnerabilities, please report them responsibly.

- **Contact**: https://github.com/metux info@metux.net legendarydood@gmail.com
- **Preferred Method**: Email with detailed reproduction steps, logs, and system info 
- **Public Disclosure**: Please wait until we’ve resolved the issue before making it public 
+### How to Report a Security Vulnerabilitiy
+
+Send a detailed email to one or more of the following contacts:
+- info@metux.net
+- legendarydood@gmail.com
+
+Include the following information:
+
+1. **Vulnerability description**
+   - What did you observe, and why is it a concern?
+
+2. **Reproduction steps**
+   - Clear, step-by-step instructions
+   - Include specific configurations or inputs required
+
+3. **System and environment details**
+   - OS version
+   - X11Libre version or commit hash
+   - Display manager, drivers, or hardware specifics
+
+4. **Supporting data**
+   - Logs (in plain text)
+   - Core dumps (if available and safe to share)
+
+5. **Impact analysis (if known)**
+   - Potential for remote or local exploitation
+   - Possible consequences (e.g. data exposure, privilege escalation, denial-of-service)
+
+Please allow us ample time to validate and patch the issue before disclosing it publicly.
+
+Feel free to privately message staff over our offical Matrix or Telegram if the issue is of extreme merit and needs an immediate solution. 

 ##  Supported Versions