# Security Policy
## Supported Versions
The following versions are currently supported with security updates:

| Version | Supported          |
| ------- | ------------------ |
| main    | :white_check_mark: |
| < 1.0   | :x:                |

**Note**: This project is currently in pre-1.0 development. Security fixes are applied to the `main` branch. Once version 1.0 is released, this policy will be updated to reflect supported release versions.
## Reporting a Vulnerability
We take the security of this project seriously.
### How to Report
**Please do not report security vulnerabilities through public GitHub issues.**
Instead, please report security vulnerabilities via one of the following methods:
1. **GitHub Security Advisories** (preferred): Use GitHub's [private vulnerability reporting](https://github.com/theroyalwhee0/brik/security/advisories/new)
2. **Email**: Contact the maintainer at <hismajesty@theroyalwhee.com>
### What to Include
Please include as much of the following information as possible:
- Type of vulnerability (e.g., cryptographic weakness, input validation, etc.)
- Step-by-step instructions to reproduce the issue
- Affected versions or commits
- Potential impact of the vulnerability
- Any suggested fixes or mitigations
### What to Expect
- **Initial Response**: Within 72 hours of your report
- **Status Update**: Within 2 weeks
- **Fix Timeline**: Based on severity and complexity
- **Credit**: Security researchers will be credited in release notes unless they prefer to remain anonymous
### Security Scope
Security issues of particular concern include:
- Input validation issues that could lead to code execution
- Dependency vulnerabilities affecting critical functionality
- Supply chain security issues
- Authentication or authorization bypass vulnerabilities
- Data exposure or privacy issues
Thank you for helping keep this project and its users safe!