docs: add SECURITY.md with vulnerability disclosure policy#651

Open
yachikadev wants to merge 2 commits into Dev-Card:main from yachikadev:docs/add-security-md

@yachikadev

Contributor

Closes #620

What's changed

  • Added SECURITY.md in the root of the repository

Why

DevCard handles user contact data and profile information but had no security disclosure policy. This is a GitHub best practice for any public repo handling personal data.

What's included

  • Supported versions table
  • Reporting channel via GitHub Private Security Advisory (keeps disclosure private by default)
  • Response timeline (48hr acknowledgement, 7 day update, 30 day fix)
  • In-scope vulnerabilities specific to DevCard's attack surface
  • Out-of-scope items
  • Responsible disclosure policy
  • Acknowledgement policy for reporters

@vercel

vercel Bot commented Jun 29, 2026


@yachikadev is attempting to deploy a commit to the Prashantkumar Khatri's projects Team on Vercel.

A member of the Team first needs to authorize it.

@github-actions github-actions Bot added the gssoc:approved Required label for every approved PR. Gives the base +50 points and enables contribution tracking. label Jun 29, 2026
@github-actions

Contributor

Hi @yachikadev,

Thanks for opening this pull request.

This PR has been automatically classified based on the files modified.

Applied Labels

  • gssoc:approved

Primary Review Area

  • null

Reviewer

null has been identified as the primary reviewer for this pull request.

If you have any questions regarding the affected area or implementation details, feel free to reach out to the assigned reviewer.

Thank you for your contribution!

@github-actions

github-actions Bot commented Jun 29, 2026

Contributor

CI — All Checks Passed

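Backend — SKIP

| Check | Result |
|-------|--------|
| Lint | - |
| Test | - |
| Typecheck | - |

Mobile — SKIP

| Check | Result |
|-------|--------|
| Lint | - |
| Test | - |

Web — SKIP

| Check | Result |
|-------|--------|
| Build | - |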

Last updated: Wed, 01 Jul 2026 08:49:09 GMT

Comment thread SECURITY.md
| ------- | ------------------ |
| main | ✅ Yes |
| Version | Supported |
|---------|-----------|

Collaborator

No major change in this table, so please remove the changes footprint from this table.

Comment thread SECURITY.md Outdated
| Acknowledgement of report | Within 48 hours |
| Status update | Within 7 days |
| Patch / fix release | Within 30 days |
| Action | Timeframe |
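
Review bot: the `| Patch / fix release | Within 30 days |` row commits to a single fix deadline for every report, regardless of severity. Consider wording it as a target, or splitting the row by severity, so the policy does not promise a 30-day release for issues that need longer to fix safely or that warrant a faster one.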

Collaborator

No major change in this table, so please remove the changes footprint from this table.

Contributor Author

Thanks for the review @ShantKhatri! I've reverted both tables to their original format — removed the unnecessary formatting changes from the Supported Versions and Response Timeline sections. Please have a look!

@Harxhit Harxhit added the documentation Improvements or additions to documentation label Jun 30, 2026