📝 Security policy updates
- Removed email support (https://scratch.mit.edu/discuss/post/8064870)
- Updated liability policy
- Updated with a more professional tone
NotFenixio authored Jul 27, 2024
1 parent efd48ff commit 3380488
Showing 1 changed file with 8 additions and 17 deletions.
25 changes: 8 additions & 17 deletions SECURITY.md
Expand Up @@ -2,27 +2,18 @@

## Supported Versions

The current new draft for version support (made by me, @dynamixbot) is to support the latest app version and web version (without getting in financial trouble). Old versions will be supported until majority (85% of active) of users migrate to the new version. After that, the old version will be deprecated and will not work at all.
Internal minor updates to the app or webapp will be automatically updated during launch. Major updates on app will require fresh install of new version and will be available on only new versions. Experiemental versions will be immediately deprecated after a release of a stable release. Any damage or failure to property or else is not the liability of Snazzle, Snarple or any affiliates.
Our current version support policy aims to maintain the latest application and web versions while ensuring financial sustainability. We support older versions until 85% of active users migrate to the new version. After this threshold, the old version will be deprecated and cease to function.


redstone-dev Jul 27, 2024

Collaborator

> We support older versions until 85% of active users migrate to the new version.

We don't, can't (with our current architecture) and should not get telemetry from users to know if this is the case. Users should not have to trust a black box with their data, even if it is just basic statistics.


NotFenixio Jul 27, 2024

Author Contributor

Feel free to commit a modification.


dynamixbot Sep 5, 2024

Member

I mean that should be the ONLY data that should be sent to Snazzle backends or something. We really don't want anything else, and I think our users would understand because it is for the better of them (and us).


## Reporting a Vulnerability

**Please do not report on GitHub on public issues**
Internal minor updates to the application or web app will be automatically applied during launch. Major updates to the application will require a fresh installation of the new version and will only be available for current versions. Experimental versions will be immediately deprecated upon the release of a stable version.

Instead, report vulnerabilities from the GitHub security panel where by going into advisories, you can report a vulnerability. If you want to send a vulnerability anonymously, send an email to our team to report the issue. If possible, encrypt the message with our sensitive information key and send it to us. You will receive a response from our team within 24 hours. If for some reason you do not receive a response, please follow-up via email and we will check your reported issue.
Please note that Snazzle, Snarple, members of the Snarple team, and any affiliates are not liable for any damage or failure to property resulting from the use or misuse of our software.

If you are sending issues via email, please type it in the following format. GitHub reports will have the following format built-in.
## Reporting a Vulnerability

- Type of issue (eg:- buffer overflow, SQL injection, cross-site scripting, empty security script)
- Level of issue (level 1 to level 4, with level 1 being low harm, and level 4 being server shutdown to fix issue.)
- Location of bugged code and full path(s) of source files related to demonstration of issue
- Special configurations related to issue
- Step-by-step instructions to replicate the issue
- Exploit code (if possible)
- Impact of issue (also explaining how a hacker with malicious intent might use the exploit.)
**Do not report vulnerabilities in public GitHub issues.**

All of this information will help us to prioritize you issue accordingly.
Please report vulnerabilities through the GitHub security panel by navigating to the Advisories section. We will respond to your report within 24 hours.

### Preferred Languages
### Preferred Language

It is recommended that you use English to report vulnerabilities or use a translator to your language to English.
We recommend using English to report vulnerabilities. If necessary, please use a translation service to convert your report from your preferred language to English.
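Review bot: dropping the email path (the deleted "If you want to send a vulnerability anonymously, send an email to our team" and "If for some reason you do not receive a response, please follow-up via email" sentences) leaves the GitHub advisory panel as the only channel, so a reporter who has no GitHub account or wants to stay anonymous now has no way to reach the team, and the kept "We will respond to your report within 24 hours" has no fallback when that response does not arrive. Either keep a secondary contact or state explicitly that GitHub is the sole channel and what a reporter should do after 24 hours of silence. The deleted checklist (issue type, severity level, affected files, special configurations, reproduction steps, impact) is also worth keeping as guidance, since the replacement only says where to report and not what to include, and complete reports are what make a 24-hour triage realistic. Separately, the retained "until 85% of active users migrate" threshold cannot be measured without telemetry, as @redstone-dev notes in the thread; a time-based deprecation window would be a policy the project can actually apply.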
