At [quantumcraft.app], we are committed to ensuring the security and integrity of our software. This policy outlines the versions we support and provides guidelines for reporting security vulnerabilities.

We actively maintain and provide security updates for the following versions of our software:

• Supported Versions: Receive regular security updates and patches.
• Not Supported: No longer receive security updates. We strongly recommend upgrading to a supported version to ensure optimal security.

We greatly appreciate the community's efforts in identifying and reporting security vulnerabilities. If you discover a security issue, please follow the steps below to report it responsibly:

• Email: Send a detailed report to our security team at ([email protected]).
• Subject Line: Include "Security Vulnerability Report" in the subject line.

In your report, please include:

• Description: A clear and concise description of the vulnerability.
• Impact: Potential impact and severity of the issue.
• Reproduction Steps: Step-by-step instructions to reproduce the vulnerability.
• Affected Versions: Specify which versions are affected.
• Your Contact Information: So we can reach out for clarification if needed.

• Confidentiality: Your report will be handled with strict confidentiality. We request that you do not share information about the vulnerability publicly until we've addressed it.
• Coordination: We may collaborate with you to better understand and resolve the issue.

• Acknowledgment: You will receive an acknowledgment of your report within 48 hours.
• Progress Updates: We will provide regular updates on the status of the investigation and resolution.
• Resolution Notification: Upon fixing the vulnerability, we will inform you prior to public disclosure.

• Credit: With your permission, we would like to acknowledge your contribution in our security advisories or release notes.
• Bug Bounty: Eligible reports may receive a reward as part of our bug bounty program.

• Initial Response: Within 48 hours of report receipt.
• Vulnerability Assessment: We aim to complete the assessment within 5 business days.
• Resolution: Security fixes are prioritized, and we strive to resolve critical issues within 15 business days.
• Public Disclosure: Coordinated with you, typically after a fix is released.

Your security reports help us keep our users safe. We are dedicated to:

• Timely Responses: Promptly addressing all reported vulnerabilities.
• Open Communication: Keeping you informed throughout the process.
• Continuous Improvement: Strengthening our products based on your valuable feedback.

• Security Team Email: (mailto:[email protected])
• Public Encryption Key: Available upon request for secure communication.

By working together, we can maintain a secure environment for all our users. Thank you for helping us protect the community.