SECURITY.md

Security Policy

Reporting a Vulnerability

At The Pheasant Group, we take security seriously and value the contributions of security researchers in keeping our framework and users safe. If you believe you've discovered a security vulnerability in The Pheasant Framework, we encourage you to notify us immediately. We will investigate all legitimate reports and do our best to quickly fix the issue.

Please follow these guidelines when reporting security vulnerabilities:

1. Disclosure: Please do not publicly disclose the vulnerability until we have had a chance to address it. We believe in responsible disclosure, and we are committed to releasing fixes as quickly as possible.

2. Reporting: To report a vulnerability, please send an email to [email protected]. Please provide a detailed description of the vulnerability, including steps to reproduce it if possible. You may encrypt sensitive information using our PGP key:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: OpenPGP.js v4.10.10
Comment: https://openpgpjs.org

mQINBGXGzVMBEAC0EHmRqgMxiS0jsh/0sr27eOlYsajBUVQ54/Om127n16RoyyrU
qfvMg81EbN5kVvQBv3y/5746Sv57inCJsRjjIZLIdTy3UsQdAufnFdDpP4ZfzAx2
NilDHefHSJ5QSyJCcQx8v/vHJpjFXtWRgN+2iW1IBMHesjNbV3bNmQ/1qsWTQGRK
asFxK8CHcc9tNwqcAOGPv9QPT3P6NhmOxWe4AV7JQem6BPDB63xP0VP7wAXNnHbJ
d7b8xtguLcaZR0rinEqFw8TV10Nr60Hf8zSIa7R+A9bbSqCov3xC9LxK2bDBfveJ
hZDK1owm6KojlwLYQh3R3xe03qRdmyIRkLD0KAz3xQtpAv4F/O5XoNMxsikW6onP
mTMjWIOjrmJROQTA70tw/Vr2oJNnISns26zqUCnkcU8rL+n1R+8PdPfZ79QVAnbC
rZ4cVgGIJMPli48YY+sSM58142jIES2B47NZ9TAAGmqG5htimdVkOmMvrxVnmeEa
6a4WzVBj5jUMFbDpCTgmahdOopG7jRWhbzJpnFRAGAOhQMVtp+j1o5ZJqVSpS76T
3+QSQkWgyGpgSpqMdprwvp+XQa8VDab/AoxcLG1CvMBur9UZLc9VYeqjR3n+U9z6
igubgDXCqZAl7++knqEIVuecnyjpY9OmET0zefZ/z1nRwWSinibxauXAQwARAQAB
tFdQaGVhc2FudCBGcmFtZXdvcmsgKFRoZSBQaGVhc2FudCBGcmFtZXdvcmsgT2Zm
aWNpYWwgR1BHIEtleSkgPHJhdmVuQHRlY2gubnVnZWdyb3VwLmNvbT6JAlQEEwEI
AD4WIQQ9HcfApU7UtB6/ZZK0sKurE+J98wUCZcbNUwIbAwUJB4YfFwULCQgHAgYV
CgkICwIEFgIDAQIeAQIXgAAKCRC0sKurE+J98yhhD/9htM8S/n+ga3Wr85Hw6269
S6LGyXsZ9n5jyevOkTksQiMTTTedgt5F3MEKCF6J2nqOO4xXm7eNwS2YSy0DKBX/
MdcEpQcmLh5Emfp5I1k8LqW+nZJ4Lx1rDF5rMD9+Of9pQbWUyatwaCBXFgggh5cG
zF2Qw03Dg6jO0tPGXyj1QjJh8+cF9ZZ8XDZbWbFL2F/FjSdfKht3I5hXXA/fbYB8
udBLir4r7iYflBAW1l9ms2VDvb6e75X5yokabEtp6YaX1FrR0dDhisclBNNCt6Uf
5qbCZAlz+fjdaGbPpBaasVz6Ld+BGN8s5Td+8gh0q1i1jLbR5W/FFhB9LoKoDkJ9
i1alGzI73tncrpEN153y8xfvzToGDxAQ51HaiaYpP2K5gu4dvcZ6n/qU6kKxNskz
MuuEwyiz/xvHuRKLfJYNP6xBbyium/IJ+tUC0mWCzz3CO3WAu/E0xSp/hEWMWh+Q
3uUcFAuCqruUge89Bky3Q8/hBk4cVnDcuN6jSp93U+JQE5kUdMeauZFkWK6VvYkH
U9z/y/0p9VK7o9JXiY6LH1B/F7u5BMwLZIqbC0lS38fHDMzB4op8+FMuvJrcTikb
dEJZCnIymw2wiCHJHNafeHK/NUaSlJmWRsmKb/vBmLEjlxmNygyLzrbAuLvVKvIc
M3JySywnttGoQXx2n2Jw2LkCDQRlxs1TARAApAl18xBKUy8YGM7t7v5EMjLs/aPy
zBRLvxZojzO10E42Aryw9tL54A1E1APDHhFlkjDfcAsvN3whR/lFPJft+Eo3eYLf
+3ex62lyLUyvA/X5kYE0Je3QSxpSxt4FVjQIzOdtxtbjDW8KUV7ZZJDKVLKKJJaE
0Uyry3OrbP3aaCsIA5FyG+gLitR2V0LwvWhrxYD/cSpPtboVdetC4FET2rPWvf+B
2YeOU2Iaty/QywbqFm2YujKvY5Yxq/uX7ZIOxyeE5zUUaE304KIXXp1e58d1npZ9
E55LPvQa8zBoBIxOcQYMaVj7zA3JA027Ybna21dKCSFehsaowscRSIx8embvtJ4r
TB7A4kksybff3bgFxL02MQBVnkR2W8YiqSsudcuP+OPRxVs3sTEZGhGt06rtCAWz
GpjDRwJK2npLFEqrYgTUWWyvcJJPCbJcFrU6fckoK9t5xyMexD6PGd/gjwxl0Hfy
opZNsUV+FdOwZP1BK2SZaHmBdWkZcmuRjqnOPGopE0ikk2gR6JHuUL76xfwjwRry
cM7VvPH9mrokeOxdBpYCaGWjRKR/v+lrN/woaQYmqJOKws8Vft3fIrIxWKqJ7EoH
QZNkiOpveXrv+2EspfwK6qfJMWFAY5I3VytKi78E5tZ+D7/IXKnulfRjIAzBvh3E
Scfa2X0s9bMHrm0AEQEAAYkCPAQYAQgAJhYhBD0dx8ClTtS0Hr9lkrSwq6sT4n3z
BQJlxs1TAhsMBQkHhh8XAAoJELSwq6sT4n3zSnwP/iz4dj0MnO8RXTc6KG6kaSTL
//k0bfJ1uAEwmvifENKWEK+qq/imzejev9qyhh5pwQrdQvfPJYpEwWCGEwJxk0Qe
Gtih83uHM5HDZecYGxzrKfHDcXLtR80pcTrtAPPHVZXiLadWAfQc8nbWquA6zwlx
D/AoFpWLHa1EpAPx+C1IR1Ox2ufFGzr4W3iVfd8Pn0BLBJ19U0Odtks+KOnI9kXZ
Vm70JmlrI5itCdO3ge8WG8jF829MU2GZ4IeN2jPErjANMvV02HBm9uyROCIUMtn8
fENFpSyBIMvT8tlWViKh4Zau525DYnrytZgk6HMXBZkr5n5KFfXavQTen4N0cy6h
8DbFnRTvvahADsEl4YB+GJ8ky22xjhK84HXojxRjlSYhEan1FaAq7ngZ102DzdqV
7u+Q3Tyd5e300pJVsrnVDX5KHpWtwi9a4VwT+iPDTtBZrPUFbRovjHGKbQBPXbJV
1MuKOUL97Qa70RyuIIXOP/3EMKL3hMoAAFoZ1HVQqChus+LBKPYj+iM+wpeaXEAt
koHrSJil7TBenkyqOxZ4pbOw82qi53F/rbE3d1Xkbz5rXS1SkAJeLoYRoWoA7ccE
xBqFeDTkCd+UwkVlJ9vk0Pbm2upNZJEz/VEmBbblfBjT9c6xXT3y69aKkRmLsRh8
CX6dyeZIjLC0MDvRD67O
=fTo+
-----END PGP PUBLIC KEY BLOCK-----

3. Response: Upon receiving your report, we will acknowledge it within 48 hours and work with you to understand and confirm the issue. We will keep you informed throughout the process and provide updates on our progress.

4. Fixes: Once we have verified the vulnerability, we will develop and test a fix. We will release the fix as soon as possible and notify you when it is available.

5. Acknowledgment: We are happy to credit researchers who responsibly disclose security vulnerabilities to us. If you would like to be acknowledged for your discovery, please let us know when you report the vulnerability.

6. Bounty Program: At this time, we do not offer a formal bug bounty program, but we may provide rewards or recognition for particularly significant discoveries at our discretion.

Thank you for helping to keep The Pheasant Framework secure. We appreciate your cooperation and assistance in making our framework safe for everyone.