Merge pull request #113 from Grazulex/copilot/fix-112

Grazulex · web-flow · commit 2a49e9b77555 · 2025-07-20T17:44:37.000+02:00
Standardize README.md footer structure and add Security Policy
diff --git a/README.md b/README.md
@@ -256,6 +256,10 @@ Check out the [examples directory](examples/) for complete working examples:
 
 We welcome contributions! Please see our [Contributing Guide](CONTRIBUTING.md) for details.
 
+## <span style="color: #FF9900;">🔒</span> Security
+
+If you discover a security vulnerability, please review our [Security Policy](SECURITY.md) before disclosing it.
+
 ## <span style="color: #FF9900;">📄</span> License
 
 Laravel Arc is open-sourced software licensed under the [MIT license](LICENSE.md).
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,54 @@
+# Security Policy
+
+## Supported Versions
+
+We provide security updates for the following versions of Laravel Arc:
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.x     | :white_check_mark: |
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability within Laravel Arc, please send an email to [jms@grazulex.be](mailto:jms@grazulex.be). All security vulnerabilities will be promptly addressed.
+
+Please do **not** report security issues publicly via GitHub issues or discussions. Security reports sent to the maintainer's email will be acknowledged within 48 hours.
+
+## Security Disclosure Process
+
+When reporting a security vulnerability, please include:
+
+1. **Description** - A clear description of the vulnerability
+2. **Impact** - What kind of vulnerability it is and who it impacts
+3. **Reproduction** - Detailed steps to reproduce the issue
+4. **Proof of Concept** - If applicable, include proof-of-concept code
+5. **Suggested Fix** - If you have ideas for how to fix the issue
+
+## Security Response Timeline
+
+- **Initial Response**: Within 48 hours of receiving the report
+- **Investigation**: We will investigate and validate the reported vulnerability
+- **Fix Development**: Development of a patch or mitigation strategy
+- **Release**: Coordinated disclosure and release of security update
+- **Public Disclosure**: After users have had time to upgrade
+
+## Security Best Practices
+
+When using Laravel Arc in your applications, we recommend:
+
+1. **Keep Updated** - Always use the latest version of Laravel Arc
+2. **Validate Input** - Ensure proper validation of all data passed to DTOs
+3. **Review Dependencies** - Regularly update your Composer dependencies
+4. **Follow Laravel Security** - Follow Laravel's security best practices
+
+## Bug Bounty Program
+
+We do not currently offer a bug bounty program, but we deeply appreciate responsible disclosure of security vulnerabilities.
+
+## Contact
+
+For security-related questions or concerns, please contact:
+- **Email**: [jms@grazulex.be](mailto:jms@grazulex.be)
+- **Maintainer**: Jean-Marc Strauven
+
+Thank you for helping keep Laravel Arc and our users safe!
