Security Policy
Supported Versions
ScvmBot is an early-stage open-source project. Security updates are currently provided only for the latest version on the default branch.
| Version | Supported |
|---|---|
| Latest | Yes |
| Older versions | No |
Reporting a Vulnerability
If you believe you have found a security vulnerability in ScvmBot, please report it by email to chris@scvmbot.com.
Please do not open a public issue for suspected security vulnerabilities.
When reporting a vulnerability, it helps to include:
- A clear description of the issue
- Steps to reproduce it
- The potential impact
- Any proof-of-concept, logs, screenshots, or suggested remediation you are comfortable sharing
What you can expect after reporting:
- I will try to acknowledge receipt within 7 days
- I may follow up for clarification or additional details if needed
- If the report is validated, I will work on a fix and coordinate disclosure as appropriate
- If the report is determined not to be a security issue, I will let you know
No Bug Bounty
ScvmBot does not have a bug bounty program.
There is no bug bounty, reward program, or other compensation available for vulnerability reports, whether explicit or implied. By submitting a report, you acknowledge that no payment is offered or expected.
I still very much appreciate responsible disclosure and the time taken to report legitimate security issues.