Security: tab-sama/go-oapi-sqlc-template

SECURITY.md

Security Policy

Introduction

This security policy outlines how security is handled for this project, how to report vulnerabilities, and what to expect in response. Our team is committed to ensuring the security of our project and appreciates the efforts of security researchers and our user community in identifying potential vulnerabilities.

Supported Versions

We only support the latest released version of our project (latest GitHub release). Before reporting a vulnerability, please check that you are using the latest version.

Version                  Supported
Latest GitHub Release    Yes
All Previous Versions    No

Reporting a Vulnerability

We take the security of our project seriously. If you believe you've found a security vulnerability, please follow these steps:

How to Report

  1. DO NOT disclose the vulnerability publicly until it has been addressed by our team.
  2. We use GitHub Security Advisories for vulnerability reporting. Please report security vulnerabilities through GitHub's private vulnerability reporting feature.
  3. If you're unable to use GitHub Security Advisories, you may email your findings to security@backtick.group as an alternative.

What to Include

Please include the following information in your report:

  • Description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact of the vulnerability
  • Any potential solutions you've identified
  • Your name/handle if you wish to be credited for the discovery

What to Expect

After you've submitted a vulnerability report, you can expect the following:

  1. Acknowledgment: We will acknowledge receipt of your report within 48 hours.
  2. Verification: Our team will work to verify the vulnerability and its impact.
  3. Updates: We will provide regular updates as our investigation progresses.
  4. Resolution: Once the vulnerability is confirmed, we will work on a fix and coordinate with you on the disclosure timeline.

Disclosure Policy

  • The vulnerability will remain private until a fix is ready.
  • Once a fix is ready, we will release it as soon as possible.
  • After the fix is released, we will publicly acknowledge the vulnerability and the reporter (if desired).
  • We aim to address and release fixes for vulnerabilities within 90 days of the report.

Security Update Process

Security updates will be released in the following ways:

  1. For critical vulnerabilities, we will release a patch as soon as possible.
  2. For less severe issues, fixes may be included in regular releases.
  3. Release notes will clearly indicate when security fixes are included.
  4. Users will be notified through our regular communication channels.

Best Practices for Users

To help ensure the security of your implementation:

  1. Always use the latest version of the project.
  2. Apply security patches promptly.
  3. Follow security best practices relevant to the programming language and environment.
  4. Regularly audit your dependencies for known vulnerabilities.
  5. Implement proper access controls and authentication mechanisms.
  6. Use secure communication protocols (HTTPS, SSH, etc.).

Security-Related Configuration

This section should be customized based on your project's specific security configurations:

  • Recommended security settings
  • Configuration options that enhance security
  • Examples of secure configuration

Known Security Gaps & Future Enhancements

We are transparent about the current limitations of our security measures:

  • List any known security limitations
  • Planned security enhancements
  • Areas where extra caution is recommended

Security Contacts

For security-related inquiries or to report a vulnerability, please contact:

Note: Replace these with your actual contact information.

Acknowledgments

We would like to thank the following individuals who have responsibly disclosed security vulnerabilities:

  • This section will be updated as contributors report security issues

This security policy is a living document and may be updated or revised as needed. Last updated: 2025-07-31.

There aren’t any published security advisories