Update SECURITY.md with detailed instructions for security vuln reports

2025-07-04 00:53:37 -05:00 · 2025-07-04 00:53:37 -05:00 · ebf2b0c1fa
parent ae425241c5
commit ebf2b0c1fa
1 changed files with 31 additions and 3 deletions
--- a/SECURITY.md
+++ b/SECURITY.md
@ -4,9 +4,37 @@
 The X11Libre project takes security seriously. If you discover any vulnerabilities, please report them responsibly.
- **Contact**: https://github.com/metux info@metux.net legendarydood@gmail.com
+### How to Report a Security Vulnerabilitiy
- **Preferred Method**: Email with detailed reproduction steps, logs, and system info 
+
- **Public Disclosure**: Please wait until we’ve resolved the issue before making it public 
+Send a detailed email to one or more of the following contacts:
 - info@metux.net
 - legendarydood@gmail.com
 Include the following information:
 1. **Vulnerability description**
   - What did you observe, and why is it a concern?
 2. **Reproduction steps**
   - Clear, step-by-step instructions
   - Include specific configurations or inputs required
 3. **System and environment details**
   - OS version
   - X11Libre version or commit hash
   - Display manager, drivers, or hardware specifics
 4. **Supporting data**
   - Logs (in plain text)
   - Core dumps (if available and safe to share)
 5. **Impact analysis (if known)**
   - Potential for remote or local exploitation
   - Possible consequences (e.g. data exposure, privilege escalation, denial-of-service)
 Please allow us ample time to validate and patch the issue before disclosing it publicly.
 Feel free to privately message staff over our offical Matrix or Telegram if the issue is of extreme merit and needs an immediate solution. 
 ##  Supported Versions