From 8f24c0d3e4d6d90abf9fe77a02e03c3e73a1aaec Mon Sep 17 00:00:00 2001 From: PhillsPhanbh3 Date: Wed, 28 Jan 2026 20:25:06 -0500 Subject: [PATCH 1/2] Created Security.md file for TheCodeVerseHub for security vulnerability reporting I PhillsPhanbh3 has made a security policy for reporting ANY security vulnerabilities to the development team, so that patches can be made within a week of acknowledgment! --- SECURITY.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..b0c70a0 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,15 @@ +# Security Policy + +## Supported Versions + +Our only supported version is the current version that the bot/code is on; **all** other versions are currently unsupported! + +## Reporting a Vulnerability + +You have discovered a SECURITY VULNERABILITY! OH NO! WHAT'S NEXT?! + +Next up is you have to make a report in the security tab, so that the development team can investigate your report. Reports are acknowledged within 72 hours, and a fix is output within a week (7 days) after acknowledgment IF the security vulnerability is true! +We (TheCodeVerseHub) ask you to make sure to report true security vulnerabilities because they **NEED** to get fixed right away! + +If we do confirm that you have found a genuine security vuln we do highly ask you to report it. +We (TheCodeVerseHub) thank you in advance for reporting ANY security vulnerabilities that you do find within our code before they can be exploited! From 8e20848b5a437ff2c4219f0f3c4108377cf0b5e7 Mon Sep 17 00:00:00 2001 From: PhillsPhanbh3 Date: Thu, 29 Jan 2026 13:34:06 -0500 Subject: [PATCH 2/2] Revise security vulnerability reporting guidelines Updated the language for reporting security vulnerabilities and added acknowledgment and response process details. --- SECURITY.md | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) 
diff --git a/SECURITY.md b/SECURITY.md index b0c70a0..c3027f1 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -6,10 +6,17 @@ Our only supported version is the current version that the bot/code is on; **all ## Reporting a Vulnerability -You have discovered a SECURITY VULNERABILITY! OH NO! WHAT'S NEXT?! +So... You have discovered a vulnerability within our code. What's next? Next up is you have to make a report in the security tab, so that the development team can investigate your report. Reports are acknowledged within 72 hours, and a fix is output within a week (7 days) after acknowledgment IF the security vulnerability is true! We (TheCodeVerseHub) ask you to make sure to report true security vulnerabilities because they **NEED** to get fixed right away! -If we do confirm that you have found a genuine security vuln we do highly ask you to report it. -We (TheCodeVerseHub) thank you in advance for reporting ANY security vulnerabilities that you do find within our code before they can be exploited! +## Acknowledgment of the reported security vulnerability + +We do acknowledge reports within 72 hours and start investigating after alerting the rest of the team about your reported security vulnerability. + +## What will we do if the report is true? + +We will send back a message alerting the member that the report is true and is working on a fix right away. After a patch is sent out, we will update you and the Discord server about the security vulnerability that was patched. + +## We (TheCodeVerseHub) thank you in advance for reporting ANY security vulnerabilities that you do find within our code before they can be exploited!
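Review bot: in [PATCH 1/2], the "Reporting a Vulnerability" section tells the reporter to "make a report in the security tab" but never says that the report should stay out of public issues, and it gives no second channel if the tab is unavailable to them. Suggest naming the repository's security tab explicitly, stating that vulnerabilities must not be filed as public issues, and adding a fallback contact. In the same section, "a fix is output within a week (7 days) after acknowledgment" reads as a hard guarantee for every confirmed report; consider wording it as a target. Under "Supported Versions", "the current version that the bot/code is on" does not tell a reporter which branch or release that is, so name it.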
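Review bot: in [PATCH 2/2], the last added line turns the closing thank-you sentence into a second-level heading ("## We (TheCodeVerseHub) thank you in advance ..."); it should be a plain paragraph with the `## ` removed. The new "Acknowledgment of the reported security vulnerability" section repeats the 72-hour commitment that the unchanged "Reports are acknowledged within 72 hours" sentence already makes, so keep it in one place only. "What will we do if the report is true?" covers only the confirmed case: add a line on what the reporter hears back when a report is not confirmed, and fix the subject mismatch in "alerting the member that the report is true and is working on a fix" (for example, "and that we are working on a fix").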