We take security seriously and provide security updates for the following versions:
Version | Supported |
---|---|
2.1.x | β |
2.0.x | β |
1.9.x | β |
< 1.9 | β |
If you discover a security vulnerability, please report it to us responsibly:
- Email: Send details to
[email protected]
- Subject: Use "SECURITY VULNERABILITY - [Brief Description]"
- Content: Include as much detail as possible
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact assessment
- Suggested fix (if you have one)
- Your contact information
- 24 hours: Initial acknowledgment
- 72 hours: Preliminary assessment
- 7 days: Detailed response with timeline
- 30 days: Target resolution (complex issues may take longer)
- Regular security audits of the codebase
- Prompt response to reported vulnerabilities
- Transparent communication about security issues
- Regular dependency updates
- No Data Collection: The setup assistant operates completely offline
- No Telemetry: We don't track user behavior or collect analytics
- Local Processing: All configuration and setup happens on your device
- No Network Calls: Except for initial download, no internet communication
The following are not considered security vulnerabilities:
- Issues requiring physical access to the device
- Vulnerabilities in third-party game files or engines
- Issues that require user to run malicious code
- Social engineering attacks
- Denial of service attacks against the local application
- Download only from official sources
- Keep your system and antivirus updated
- Don't run the setup assistant with elevated privileges unless required
- Regularly backup your game saves
- Follow secure coding practices
- Validate all user inputs
- Keep dependencies updated
- Use static analysis tools
- Regular code reviews
We believe in responsible disclosure and will:
- Work with security researchers to understand and fix issues
- Provide credit to researchers who report vulnerabilities responsibly
- Maintain clear communication throughout the process
- Release security advisories for significant issues
We recognize security researchers who help make our project safer:
Currently empty - be the first to help us improve security!
- Security Email: [email protected]
- General Contact: [email protected]
- GitHub Issues: For non-security related bugs only
For sensitive communications, you can use our PGP key:
-----BEGIN PGP PUBLIC KEY BLOCK-----
[PGP Key would be placed here in a real implementation]
-----END PGP PUBLIC KEY BLOCK-----
Before each release, we verify:
- All dependencies are up to date
- Security scanning tools pass
- Code review completed
- No hardcoded secrets or credentials
- Input validation implemented
- Error handling doesn't leak sensitive information
Thank you for helping keep the FFVII Rebirth Offline Setup Assistant secure! π‘οΈ