
Security: swarooppatilx/scruter

SECURITY.md

Scruter Security Policy

Introduction

At Scruter, we prioritize the security and privacy of our users. We are committed to protecting the information you share with us and providing a safe platform for buying, selling, and community interactions. This document outlines the procedures for reporting security issues and our commitment to addressing them swiftly.

Supported Versions

Scruter provides security updates for the following versions:

| Version | Supported | Notes |
|---|---|---|
| Latest Release | ✅ Supported | Actively maintained with all critical updates and patches. |
| Previous Major | ✅ Supported | Receives important security patches, but new features are not added. |
| Older Versions | ❌ Not Supported | Users are encouraged to upgrade to a newer version to receive security updates. |

We strongly encourage users to stay on the latest version to ensure they benefit from the latest security patches.

Reporting a Vulnerability

If you discover any security vulnerabilities or suspect potential issues in Scruter, please follow these guidelines:

  1. Email us: Report the vulnerability by sending an email to [email protected]. Include a detailed description of the issue, steps to reproduce it, and any relevant supporting materials.
  2. Do not share publicly: Please refrain from disclosing the vulnerability publicly until we have resolved the issue.
  3. Provide contact information: This lets us reach out to you for further details if needed.

What We Expect

When submitting a vulnerability report, please ensure that you:

  • Provide a clear, concise description of the issue.
  • Include proof of concept (PoC) if available.
  • Respect user privacy and refrain from accessing or modifying user data.
  • Refrain from any actions that could negatively impact the platform (e.g., DDoS, malware injection).

Our Commitment

Scruter is dedicated to:

  1. Acknowledging your report within 48 hours.
  2. Investigating the issue thoroughly and communicating with you during the process.
  3. Resolving the issue in a timely manner.
  4. Offering recognition to researchers who follow responsible disclosure guidelines. This could include public acknowledgment or other rewards, depending on the severity and impact of the issue.

Scope

The following components are considered in-scope for security vulnerability reporting:

  • The Scruter website and any associated subdomains
  • Scruter's APIs and backend services
  • User data handling and account security mechanisms

Out-of-scope issues include:

  • Denial-of-service (DoS) attacks
  • Spam
  • Social engineering

Conclusion

Your security concerns are important to us. If you believe you have found a vulnerability, please don’t hesitate to report it. We value your assistance in making Scruter a safer platform for everyone.
