|
|
@@ -0,0 +1,26 @@
|
|
|
+# Security Policy
|
|
|
+
|
|
|
+## Supported Versions
|
|
|
+
|
|
|
+CyberChef is supported on a best endeavours basis. Patches will be applied to
|
|
|
+the latest version rather than retroactively to older versions. To ensure you
|
|
|
+are using the most secure version of CyberChef, please make sure you have the
|
|
|
+[latest release](https://github.com/gchq/CyberChef/releases/latest). The
|
|
|
+official [live demo](https://gchq.github.io/CyberChef/) is always up to date.
|
|
|
+
|
|
|
+## Reporting a Vulnerability
|
|
|
+
|
|
|
+In most scenarios, the most appropriate way to report a vulnerability is to
|
|
|
+[raise a new issue](https://github.com/gchq/CyberChef/issues/new/choose)
|
|
|
+describing the problem in as much detail as possible, ideally with examples.
|
|
|
+This will obviously be public. If you feel that the vulnerability is
|
|
|
+significant enough to warrant a private disclosure, please email
|
|
|
+[oss@gchq.gov.uk](mailto:oss@gchq.gov.uk) and
|
|
|
+[n1474335@gmail.com](mailto:n1474335@gmail.com).
|
|
|
+
|
|
|
+Disclosures of vulnerabilities in CyberChef are always welcomed. Whilst we aim
|
|
|
+to write clean and secure code free from bugs, we recognise that this is an open
|
|
|
+source project written by analysts in their spare time, relying on dozens of
|
|
|
+open source libraries that are modified and updated on a regular basis. We hope
|
|
|
+that the community will continue to support us as we endeavour to maintain and
|
|
|
+develop this tool together.
|
n1474335