From e73e0715a3eef768a5e0b992b7e96af96b5f4b33 Mon Sep 17 00:00:00 2001 From: fortishield <161459699+FortiShield@users.noreply.github.com> Date: Wed, 24 Sep 2025 10:18:13 +0600 Subject: [PATCH] Update SECURITY.md --- SECURITY.md | 28 ++++++++-------------------- 1 file changed, 8 insertions(+), 20 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 4737911..a8ac00c 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -2,27 +2,15 @@ ## Reporting a Vulnerability -If you discover a vulnerability in any of our projects, please follow these steps: +If you discover a security issue, please report it responsibly via [GitHub Security Advisories](https://docs.github.com/en/code-security/security-advisories) or email security@yourdomain.com. -1. **Do not disclose the vulnerability publicly** until it has been resolved. -2. **Contact us directly** at [security@khulnasoft.com](mailto:security@khulnasoft.com). Please include the following information in your report: - - A description of the vulnerability - - Steps to reproduce or a proof of concept (PoC) - - Any relevant system/environment details (e.g., OS version, software version) -3. **We will acknowledge receipt** of your report and work with you to resolve the issue. -4. Once resolved, the vulnerability will be disclosed publicly, with appropriate credit given. +## Security Roles -## Responsible Disclosure +- Security Maintainers: @username1, @username2 +- Pentesters: @username3 -We take security very seriously. Any security issue discovered should be reported directly to us, and we will ensure that the issue is patched and disclosed responsibly. By following this process, you help protect the integrity of this project and its users. +## Security Practices -## Vulnerability Disclosure Timeline - -- **Day 0**: Vulnerability report received. -- **Day 1–3**: Acknowledgment and preliminary assessment. -- **Day 4–14**: Fix development and testing. -- **Day 15**: Public disclosure (with fixes) and credit given. - -Please **do not** use the tools or exploits provided here to attack unauthorized systems. Follow legal guidelines in your local jurisdiction when testing systems. - -Thank you for helping us keep our projects secure! +- Code review required for all merges. +- Automated security scanning in CI/CD. +- Regular dependency updates and audits.
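Review bot: the replacement reporting line (`+If you discover a security issue, please report it responsibly via [GitHub Security Advisories](...) or email security@yourdomain.com.`) swaps the working contact address `security@khulnasoft.com` for the template placeholder `security@yourdomain.com`, and the new `## Security Roles` section lists `@username1`, `@username2` and `@username3` rather than real maintainers; merged as-is, the policy leaves reporters with no reachable contact. Suggest keeping the existing mailto link (or pointing the advisory link at this repository's own advisory page instead of the generic GitHub docs URL) and filling in actual handles before merge. The hunk also drops the "Do not disclose the vulnerability publicly until it has been resolved" guidance, the list of what a report should contain, and the whole `## Vulnerability Disclosure Timeline` section without replacing them; consider retaining at least the non-disclosure expectation and the Day 0 to Day 15 timeline, since the new `## Security Practices` bullets describe internal process and give a reporter no expectation of acknowledgment or fix timing.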