doc/SECURITY.md
# Security Policy
## Supported Versions
Only the latest version [main branch](https://github.com/rubyforgood/casa) and currently deployed version of this project is in scope for security issues. Also, only the production environment is in scope, although it's ok and normal to test the staging environment.
## Reporting a Vulnerability
Please report a vulnerability by emailing casa@rubyforgood.org
You can also open a github issue (do NOT provide vulnerability details on github) to notify us that you need to report an issue.
We will reply to all reported issues within a week and update at least every two days.
We currently do not have any bug bounty program but we will be happy to list your name in our contributors list! :)