Security Policy
Welcome to my security policy. As an individual open source developer, I take security seriously while keeping things straightforward. This document outlines how I handle security for my projects and how you can report vulnerabilities.
Reporting a Vulnerability
If you discover a security issue, please email me directly at:
You can also find my security contact information in the standard /.well-known/security.txt file.
What to Include in Your Report
When reporting a vulnerability, please include:
- A description of the issue.
- Steps to reproduce.
- Potential impact.
- Any ideas for mitigation.
Response Timeline
As an individual developer, I'll do my best to respond promptly:
- Initial response: Within 72 hours.
- Status update: Within 2 weeks.
- Fix timeline: Based on severity and complexity.
Scope
This security policy covers:
- Code in my public repositories.
- Personal websites, endpoints and services that I maintain.
Expectations
What you can expect from me:
- I will treat your report with appreciation and respect.
- I will keep you updated on the status of your report.
- I will credit you for your discovery, unless you prefer to remain anonymous.
- I fix vulnerabilities that affect my code's functionality or user data immediately; minor issues in build tool dependencies are addressed only during regular updates.
What I ask of you:
- Please allow reasonable time for me to investigate and address issues.
- Avoid data destruction, service disruption, or privacy violations.
- Don't disclose vulnerabilities publicly before they've been addressed.
Thank You
Thank you for helping make my projects more secure. As an individual developer, I appreciate the community's support in building safer software.