|
| 1 | +# Security Policy |
| 2 | + |
| 3 | +## 📌 Project: Zecrypt Labs |
| 4 | + |
| 5 | +Zecrypt Lab is a zero-knowledge, end-to-end encrypted password manager designed with privacy and user data security as its top priorities. We take security issues seriously and appreciate responsible disclosures that help us improve the application for everyone. |
| 6 | + |
| 7 | +--- |
| 8 | + |
| 9 | +## 🔐 Supported Versions |
| 10 | + |
| 11 | +We actively maintain and patch security issues in the following versions: |
| 12 | + |
| 13 | +| Version | Supported | |
| 14 | +|---------|-----------| |
| 15 | +| Latest | ✅ | |
| 16 | + |
| 17 | + |
| 18 | +If you're not using the latest version, we recommend upgrading as soon as possible. |
| 19 | + |
| 20 | +--- |
| 21 | + |
| 22 | +## 📣 Reporting a Vulnerability |
| 23 | + |
| 24 | +If you discover a security vulnerability in Secrets Lab, please **do not create a public GitHub issue**. Instead, report it privately to ensure the safety of our users: |
| 25 | + |
| 26 | + |
| 27 | + |
| 28 | +When reporting a vulnerability, please include: |
| 29 | + |
| 30 | +- A clear and concise description of the issue. |
| 31 | +- Steps to reproduce (if possible). |
| 32 | +- Any potential impact or exploitation scenarios. |
| 33 | +- Suggestions for a fix (if applicable). |
| 34 | + |
| 35 | +We aim to respond to security reports **within 72 hours** and provide updates as we work toward a resolution. |
| 36 | + |
| 37 | +--- |
| 38 | + |
| 39 | +## 🔄 Vulnerability Handling Process |
| 40 | + |
| 41 | +1. **Initial Acknowledgement** (within 48 hours). |
| 42 | +2. **Verification & Impact Analysis**. |
| 43 | +3. **Patch Development** and coordinated disclosure. |
| 44 | +4. **Security Advisory Release** via GitHub and official channels. |
| 45 | + |
| 46 | +--- |
| 47 | + |
| 48 | +## 🛡️ Security Features |
| 49 | + |
| 50 | +Secrets Lab is designed with security at its core: |
| 51 | + |
| 52 | +- **Zero-Knowledge Architecture**: We do not have access to your passwords or encryption keys. |
| 53 | +- **End-to-End Encryption**: All data is encrypted client-side before being sent to the server. |
| 54 | +- **No Raw Data Storage**: We never log or store unencrypted secrets. |
| 55 | +- **Automatic Logout & Session Expiry** |
| 56 | +- **Rate Limiting & Brute-force Protection** |
| 57 | + |
| 58 | +--- |
| 59 | + |
| 60 | +## 🧪 Responsible Disclosure Rewards |
| 61 | + |
| 62 | +We’re currently not offering monetary bounties, but all valid disclosures will be publicly credited (if desired) in our **Security Hall of Fame**. |
| 63 | + |
| 64 | +--- |
| 65 | + |
| 66 | +## 🙌 Acknowledgments |
| 67 | + |
| 68 | +We thank all security researchers and ethical hackers who help improve Secrets Lab. Your contributions help us build a safer digital future. |
| 69 | + |
| 70 | +--- |
| 71 | + |
| 72 | +## 📄 License |
| 73 | + |
| 74 | +This project is open-source and available under the [custom license](./LICENSE), restricting commercial use. Please respect its terms when contributing or reusing. |
| 75 | + |
| 76 | +--- |
| 77 | + |
| 78 | +Stay safe, |
| 79 | +**The Zecrypt Labs Team** |
0 commit comments