Create SECURITY.md

2025-04-09 20:40:46 +00:00 · 2023-04-20 19:42:08 -04:00 · 2023-04-20 19:42:08 -04:00 · 3717c876e6
commit 3717c876e6
parent d93f715165
1 changed files with 27 additions and 0 deletions
--- a/SECURITY.md
+++ b/SECURITY.md
@ -0,0 +1,27 @@
+Security Policy
+
+Supported Versions
+
+At MiniGPT-4, we prioritize the security of our product and its users. This section outlines which versions of MiniGPT-4 are currently supported with security updates.
+
+Version	Supported
+5.1.x	:white_check_mark:
+5.0.x	:x:
+4.0.x	:white_check_mark:
+< 4.0	:x:
+Reporting a Vulnerability
+
+We appreciate the effort of skilled security researchers in identifying and mitigating security vulnerabilities in MiniGPT-4. If you discover a vulnerability, please report it to us in a responsible manner.
+
+To report a vulnerability, please open an issue on the GitHub repository and tag it with the "security" label. When reporting a vulnerability, please include:
+
+A detailed description of the vulnerability.
+Steps to reproduce the vulnerability.
+Any supporting material, such as proof-of-concept code or screenshots.
+Your name/handle and contact information (if you wish to be credited).
+Any specific time-frame for disclosure (if applicable).
+We will acknowledge receipt of your report within 24 hours and will aim to provide an initial assessment of the vulnerability within 72 hours of receipt. If the vulnerability is accepted, we will work with you to identify and develop a fix for the issue. We will keep you updated on the progress of the fix and will provide credit to you in the release notes (if you wish to be credited).
+
+If the vulnerability is declined, we will provide an explanation for the decision and will work with you to address any concerns you may have.
+
+Thank you for helping us to make MiniGPT-4 a more secure product.