SECURITY.md

Security Policy

Supported Versions

We release security patches for the following versions:

Version	Supported
3.1.x	✅
< 3.1	❌

Reporting a Vulnerability

We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly.

How to Report

1. Do NOT open a public GitHub issue for security vulnerabilities
2. Preferred: Use GitHub Security Advisories to report privately through GitHub
3. Alternative: Email security concerns to: security@rocketride.ai
4. Include as much detail as possible:
   • Description of the vulnerability
   • Steps to reproduce
   • Potential impact
   • Suggested fix (if any)

What to Expect

• Acknowledgment: Within 48 hours
• Initial Assessment: Within 5 business days
• Resolution Timeline: Depends on severity
  • Critical: 1-7 days
  • High: 7-30 days
  • Medium: 30-90 days
  • Low: Next release cycle

Disclosure Policy

• We will coordinate disclosure with you
• We request a 90-day disclosure window for non-critical issues
• We will credit reporters (unless anonymity is requested)

Security Best Practices

When using RocketRide Engine:

1. Keep Updated: Always use the latest version
2. Credentials: Never commit credentials or secrets
3. Dependencies: Regularly update dependencies
4. Access Control: Implement proper access controls
5. Encryption: Use encryption for sensitive data

Security Features

RocketRide Engine includes several security features:

• Encryption: Support for data encryption at rest and in transit
• Authentication: Configurable authentication mechanisms
• Keystore: Secure key management
• Audit Logging: Comprehensive activity logging

Thank you for helping keep RocketRide Engine secure!