SECURITY.md

SECURITY.md

@@ -0,0 +1,67 @@
+# 🛡️ Security Policy
+
+## 📌 Supported Versions
+
+We aim to keep `driver-drowsiness-detection-system` up to date and secure. Please see below for the versions we currently support with security updates.
+
+| Version | Supported          |
+|---------|--------------------|
+| Latest  | ✅ Yes              |
+| Older   | ❌ No               |
+
+---
+
+## 📬 Reporting a Vulnerability
+
+If you discover a security vulnerability, **please do not open an issue** on GitHub.
+
+Instead, follow these steps:
+
+1. **Email the maintainer directly**
+2. Include the following details:
+   - Description of the vulnerability
+   - Steps to reproduce (if possible)
+   - Potential impact
+   - Any mitigation or workaround suggestions
+
+⌛ We aim to respond to security reports **within 72 hours**.
+
+---
+
+## 🚫 Responsible Disclosure Guidelines
+
+We ask that you:
+- Do not publicly disclose the issue until it has been resolved.
+- Avoid testing vulnerabilities in a way that could disrupt services.
+- Act in good faith and with respect for user data and privacy.
+
+---
+
+## 📃 Disclosure Policy
+
+- We follow a **coordinated disclosure** approach.
+- We appreciate responsible reporting and will publicly disclose the issue only **after a fix has been released**.
+
+--- 
+
+## ✅ Security Best Practices
+
+While using this project, we recommend you:
+
+- Always run software in a secure and isolated environment.
+- Keep your dependencies up to date.
+- Avoid sharing sensitive API keys or credentials in `.env` or other public files.
+
+---
+
+## 🙏 Acknowledgments
+
+We value the contributions from the community and encourage responsible disclosure to help keep `driver-drowsiness-detection-system` safe and secure for all users.
+
+---
+
+## 🔒 Resources
+
+- [GitHub Security Advisories](https://docs.github.com/en/code-security/security-advisories)
+- [OpenSSF Best Practices](https://bestpractices.dev/)
+- [OWASP Top 10](https://owasp.org/www-project-top-ten/)