diff --git a/LICENSE b/LICENSE index af1b940..23f2d73 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2025 NEO-SH1W4 +Copyright (c) 2024 Symbeon Labs & SH1W4 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal @@ -19,4 +19,3 @@ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - diff --git a/SECURITY.md b/SECURITY.md index 95bca0a..f9131a0 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -2,66 +2,24 @@ ## Supported Versions -We take security seriously in DocSync. The following versions are currently supported with security updates: +Use this section to tell people about which versions of your project are +currently being supported with security updates. | Version | Supported | | ------- | ------------------ | -| 0.1.x | :white_check_mark: | +| 0.2.x | :white_check_mark: | +| 0.1.x | :x: | ## Reporting a Vulnerability -We appreciate responsible disclosure of security vulnerabilities. If you discover a security issue, please report it by emailing **security@docsync.dev** or by opening a private security advisory on GitHub. +We take the security of **DocSync** seriously. If you discover a vulnerability, please follow these steps: -### What to Include - -Please include the following information in your security report: - -1. **Description**: A clear description of the vulnerability -2. **Impact**: Potential impact and attack scenarios -3. **Reproduction**: Step-by-step instructions to reproduce the issue -4. **Environment**: Affected versions and operating systems -5. **Mitigation**: Any temporary workarounds you've identified +1. **Do NOT create a public GitHub issue.** We want to prevent zero-day exploits. +2. Send an email to **security@symbeon.com** (or contact SH1W4 directly). +3. Include a description of the vulnerability and steps to reproduce. ### Response Timeline +* We will acknowledge your report within 48 hours. +* We will provide a timeline for the fix within 1 week. -- **Initial Response**: Within 24 hours of report -- **Confirmation**: Within 72 hours -- **Resolution**: Security fixes are prioritized and typically released within 7-14 days -- **Disclosure**: Public disclosure after fix is available, coordinated with reporter - -### Security Features - -DocSync implements several security measures: - -- **Input Validation**: All user inputs are validated and sanitized -- **Path Traversal Protection**: File system operations are restricted to authorized directories -- **Token Security**: API tokens are handled securely and never logged -- **Dependency Scanning**: Regular automated scans for vulnerable dependencies -- **Static Analysis**: Code is analyzed with Bandit and other security tools - -### Security Best Practices - -When using DocSync: - -1. **Environment Variables**: Store sensitive tokens in environment variables, never in code -2. **File Permissions**: Ensure proper file permissions on configuration files -3. **Network Security**: Use HTTPS for all API communications -4. **Regular Updates**: Keep DocSync and its dependencies updated -5. **Audit Logs**: Monitor sync operations and access patterns - -### Security Contacts - -- **Security Team**: security@docsync.dev -- **Maintainer**: [NEO-SH1W4](https://github.com/NEO-SH1W4) -- **GitHub Security**: Use GitHub's private security advisory feature - -### Hall of Fame - -We recognize security researchers who help improve DocSync's security: - -*No reports yet - be the first!* - ---- - -**Note**: This security policy is actively maintained and may be updated. Check back regularly for changes. - +Thank you for helping keep the Agentic Ecosystem safe.