# Security Policy The security of our project and its users is a priority. This document explains how to report vulnerabilities and what to expect when interacting with our team about security concerns. ## Supported Versions We provide security updates for the following versions of the project: | Version | Supported | |-------------------|------------------| | Latest (main) | ✅ | | Older versions | ❌ | If you are using an older version, we recommend updating to the latest version to ensure better security and support. ## How to Report a Vulnerability If you identify a security vulnerability, please report it by opening an **issue** in the project's repository. When reporting a vulnerability, include the following information in your report: 1. A detailed description of the vulnerability. 2. Clear steps to reproduce the issue. 3. Potential impacts or exploitation scenarios. 4. Suggestions to mitigate the issue (if applicable). We commit to: - Acknowledging receipt of your report within **48 hours**. - Working to understand and resolve the issue as quickly as possible. - Notifying you once a solution is implemented and published. ## Scope This project focuses primarily on open hardware and related tools. We consider the following vulnerabilities relevant: - Security flaws in firmware or hardware design. - Issues related to build pipelines, repositories, or deployment tools. - Backdoors or unintended vulnerabilities in open-source tools used by the project. ## Security Updates and Disclosure Policy Once a vulnerability is reported and confirmed, the following process will be followed: 1. **Acknowledgment** of the issue within **48 hours**. 2. **Analysis and validation** of the reported vulnerability. 3. **Development** of an appropriate fix or mitigation. 4. **Release of a patch**, followed by a public explanation (if necessary). Our goal is to release fixes as quickly as possible, taking into account the severity and complexity of the issue. --- If you have any questions about this policy or need additional clarification, contact us through the issues section in the repository.