At Devoter, we take the security of our software seriously. This security policy outlines our approach to handling security vulnerabilities in the devoter-app repository and related projects. We are committed to ensuring the confidentiality, integrity, and availability of our systems and data.
We provide security updates for the following versions of our software. Users are encouraged to upgrade to the latest supported version to receive ongoing security patches.
| Version | Supported |
|---|---|
| 1.x | ✅ Supported |
| < 1.0 | ❌ Not Supported |
If you are using an unsupported version, we recommend upgrading as soon as possible to mitigate potential security risks.
When a security vulnerability is identified and confirmed, we will:
- Develop and test a fix.
- Release a security advisory with details about the vulnerability, its impact, and mitigation steps.
- Provide patches or updates for supported versions.
- Coordinate disclosure with the reporter, if applicable.
Security updates will be released as soon as possible, typically within 30 days of confirmation, depending on the severity and complexity of the issue.
If you discover a security vulnerability in this project, please report it to us responsibly. We appreciate the efforts of security researchers and the community in helping us maintain a secure environment.
To report a vulnerability, please email us at security@devoter.xyz. Please include the following information in your report:
- Description of the Vulnerability:
  - A clear and detailed description of the vulnerability.
  - The potential impact, including any affected components or data.
- Steps to Reproduce:
  - Step-by-step instructions to reproduce the issue.
  - Include any necessary code snippets, configurations, or environment details.
- Supporting Documentation:
  - Logs, screenshots, or proof-of-concept code that demonstrates the vulnerability.
  - Any additional context that may help us understand and address the issue.
- Your Contact Information:
  - Your name, email address, and any preferred method of contact.
  - If you wish to remain anonymous, please indicate this in your report.
- Acknowledgment: We will acknowledge receipt of your report within 48 hours and provide an initial assessment.
- Investigation: Our security team will investigate the issue and keep you updated on our progress, typically within 7-14 days.
- Resolution: Once resolved, we will notify you of the fix and may credit you in our security advisory, with your permission.
- Disclosure: We follow a coordinated disclosure process, aiming to release fixes before public disclosure.
We kindly ask that you adhere to responsible disclosure practices:
- Do not publicly disclose the vulnerability until we have had a reasonable opportunity to address it (typically 90 days from report).
- Avoid accessing, modifying, or deleting data beyond what is necessary to demonstrate the vulnerability.
- Do not perform denial-of-service attacks or other disruptive activities.
This security policy applies to the devoter-app repository and its associated components. Vulnerabilities in third-party dependencies or external services should be reported to the respective maintainers.
For security-related inquiries or reports, please contact us at security@devoter.xyz.
For general support or non-security issues, please use our standard support channels as outlined in the repository's README or issue tracker.
We appreciate the contributions of security researchers who help us improve our security. With your permission, we may acknowledge your efforts in our security advisories or on our website.
This security policy is subject to change without notice. By reporting a vulnerability, you agree to abide by the terms outlined herein. We reserve the right to take legal action against individuals who violate this policy or engage in malicious activities.