Creating security.md #175

security.md

@@ -0,0 +1,72 @@
+Security Policy
+
+Overview
+We take the security of our cryptocurrency platform very seriously. Ensuring the safety and privacy of our users' assets and data is our top priority. We are committed to identifying and fixing vulnerabilities in a responsible and timely manner. If you discover any potential security issues, we encourage you to report them immediately.
+
+Supported Versions
+We actively maintain and support the following versions of our platform. Security updates are provided for these versions:
+
+Version	Supported
+Latest Release	✅ Supported
+Previous Major	✅ Supported
+Older Versions	❌ No longer supported
+If you're using an unsupported version, we recommend upgrading to the latest version to ensure you are protected by the latest security patches.
+
+Reporting a Vulnerability
+If you believe you have found a security vulnerability in our platform, we encourage you to let us know as soon as possible. Please follow the guidelines below:
+
+Do not publicly disclose the vulnerability until we have had the opportunity to address it.
+Provide detailed information regarding the vulnerability, including:
+Steps to reproduce
+Proof of concept, if available
+Impact assessment (e.g., potential risks or threats)
+Any additional information that could assist in resolving the issue
+Please send your report to our dedicated security team at:
+Email: [email protected]
+
+We aim to respond to vulnerability reports within 48 hours and will work with you to understand and resolve the issue promptly. We are committed to transparency and will notify you once the vulnerability has been addressed.
+
+Bug Bounty Program
+To encourage responsible reporting and enhance the security of our platform, we offer a bug bounty program. Researchers who report valid security vulnerabilities may be eligible for a reward, depending on the severity of the issue.
+
+The reward range is determined based on the following criteria:
+
+Severity and impact of the vulnerability (e.g., low, medium, high, critical)
+Quality and clarity of the report
+Exploitability and risk level
+For more information on our bounty program and eligibility, visit Bug Bounty Program Details.
+
+Scope
+The following areas of our platform are considered in-scope for vulnerability reports:
+
+Web application (e.g., trading platform, account management, APIs)
+Mobile applications (Android and iOS)
+Blockchain interactions, wallets, and smart contracts
+Out-of-scope items:
+
+Denial of Service (DoS) attacks
+Social engineering attacks
+Spamming or phishing campaigns
+Physical attacks on infrastructure
+Response and Patch Policy
+Upon receiving a vulnerability report, we follow these steps:
+
+Acknowledgment: Confirm receipt of the report within 48 hours.
+Investigation: Verify and assess the severity of the reported issue.
+Mitigation: Work on a fix or implement security controls as needed.
+Notification: Inform the reporter once the issue has been resolved and, where applicable, publicly disclose the patch details.
+Reward: If applicable, distribute rewards as part of the bug bounty program.
+We aim to patch verified vulnerabilities within 30 days, depending on the complexity and severity of the issue.
+
+Security Best Practices
+We encourage all users to follow these security best practices:
+
+Use strong and unique passwords for your account.
+Enable two-factor authentication (2FA).
+Be cautious of phishing attempts and always verify the source of communication.
+Regularly review your account activity and report any suspicious activity to us immediately.
+Contact
+For general inquiries regarding our security practices, please contact us at:
+Email: [email protected]
+PGP Key: Available upon request for secure communication.
+