We currently support the following versions of NetworkMonitor with security updates:
| Version | Supported |
|---|---|
| 0.1.x | ✅ |
We take security vulnerabilities seriously. Please follow these steps to report a security issue:
- DO NOT open a public GitHub issue if the bug is a security vulnerability.
- Instead, please send an email to umerfarooq.dev@gmail.com with:
- Subject line: "Security Vulnerability: NetworkMonitor"
- Description of the vulnerability
- Steps to reproduce (if possible)
- Potential impact
- Any suggested fixes (if you have them)
- Acknowledgment within 48 hours
- Regular updates on the progress
- Credit in the security advisory when the issue is fixed
When using NetworkMonitor:
- Always run with minimum required privileges
- Keep the software updated to the latest version
- Monitor logs for suspicious activity
- Follow network security best practices
- Report any security concerns immediately
Our standard disclosure timeline:
- 0 hours: Initial report received
- 48 hours: Initial acknowledgment
- 7 days: Initial assessment completed
- 30 days: Fix developed and tested
- 45 days: Fix released
- 60 days: Public disclosure
This timeline may be adjusted based on severity and complexity.
Security updates are distributed through:
- GitHub Releases
- Security Advisories
- Email notifications (for registered users)
We maintain security through:
- Regular dependency updates
- Automated security scanning
- Code review requirements
- Security-focused testing
- Regular security audits
We appreciate the security research community's efforts in responsibly disclosing vulnerabilities. Security researchers who have contributed will be credited in our Hall of Fame (unless they wish to remain anonymous).