Fennix/SECURITY.md

# Security Policy

## Supported Versions

Fennix is a comprehensive operating system comprising:
- **Kernel**: Core OS functionality.
- **Drivers**: Hardware interaction layers.
- **Userspace**: Libraries and utilities, including `libc` and essential services like `init`.

We actively support the latest version of Fennix. Older versions may receive security updates at our discretion.

## Reporting a Vulnerability

To report a security vulnerability, please follow these steps:

1. **Do not disclose the vulnerability publicly** until it has been addressed.
2. Use [GitHub Issues](https://github.com/EnderIce2/Fennix/issues/new/choose) to report the vulnerability. If you prefer to report it privately, e-mail me at **[enderice2@protonmail.com](mailto:enderice2@protonmail.com)** with the following details:
    - A clear and detailed description of the vulnerability.
    - Steps to reproduce the issue.
    - Any potential impact of the vulnerability.
    - Relevant logs, screenshots, or proof-of-concept code (if applicable).
3. We will acknowledge your report within 5 business days.

## Our Process

1. **Triage**: We will validate the vulnerability and determine its severity.
2. **Resolution**: If confirmed, we will develop and test a fix.
3. **Notification**: You will be notified once the issue is resolved. If applicable, credit will be given to you in the release notes.
4. **Update**: The fix will be included in a public release. Ensure you update your system to the latest version.

## General Guidelines

- Keep your Fennix installation updated to benefit from the latest security patches.
- Regularly review and apply updates to third-party packages and dependencies used in your userspace applications.

---

Thank you for helping to make Fennix a secure and reliable operating system for everyone!