NeatShift/SECURITY.md

Security Policy

Supported Versions

Currently supported versions of NeatShift:

Version	Supported
2.0.0	✅
1.0.0	✅
< 1.0	❌

Reporting a Vulnerability

We take security seriously at NeatShift. If you discover a security vulnerability, please follow these steps:

1. Do Not create a public GitHub issue
2. Email your findings to neatshiftcontact@zohomail.in
3. Include:
   • A brief description of the vulnerability
   • Steps to reproduce
   • Potential impact
   • Suggestions for fixing (if any)

What to Expect

• Initial Response: Within 48 hours
• Status Update: Within 1 week
• Resolution Timeline: Typically within 2 weeks

Process

1. Acknowledgment: You'll receive confirmation of your report
2. Investigation: We'll investigate and validate the issue
3. Updates: We'll keep you informed of our progress
4. Resolution: Once fixed, we'll notify you and discuss public disclosure

Public Disclosure

• Security issues will be disclosed after a fix is available
• You'll be credited for the discovery (unless you prefer to remain anonymous)
• We follow a 90-day disclosure timeline from fix to public announcement

Safe Harbor

We consider security research conducted under this policy as authorized conduct and will not initiate legal action for accidental violations of this policy.

Application Security

NeatShift takes security seriously:

1. Open Source: All code is publicly available for review under GPL 3.0
2. GitHub Releases: All releases are published through official GitHub channels
3. Double Safety: Choose between quick NeatSaves backup or full system restore points
4. Error Prevention: Built-in validation and safety checks
5. Auto Updates: Secure in-app update system

Verifying Releases