From bea104f61d64a3c6bb6eededd47b8c767689963b Mon Sep 17 00:00:00 2001 From: Rehan Ahmad Date: Sun, 24 May 2026 08:04:54 +0530 Subject: [PATCH 1/2] docs: add SECURITY.md with vulnerability reporting policy --- SECURITY.md | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..73e8c91 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,42 @@ +# Security Policy + +## Supported Versions + +The following versions of **DevCard** are currently supported with security updates: + +| Version | Supported | +| ------- | ------------------ | +| main | ✅ Yes | + +## Reporting a Vulnerability + +If you discover a security vulnerability in **DevCard**, please **do not open a public issue**. + +Instead, report it responsibly by: + +- 📧 Opening a [GitHub Private Security Advisory](https://github.com/Dev-Card/DevCard/security/advisories/new) +- Or reaching out to the maintainer directly via their [GitHub profile](https://github.com/Dev-Card) + +### What to include in your report: +- A clear description of the vulnerability +- Steps to reproduce the issue +- Potential impact assessment +- Any suggested fix (optional but appreciated) + +## Response Timeline + +| Action | Timeframe | +| ----------------------------- | ----------------- | +| Acknowledgement of report | Within 48 hours | +| Status update | Within 7 days | +| Patch / fix release | Within 30 days | + +## Responsible Disclosure + +We follow a **responsible disclosure** policy. Please give us adequate time to patch the issue before any public disclosure. We deeply appreciate security researchers who help keep **DevCard** safe. 🙏 + +## References + +- [DevCard Repository](https://github.com/Dev-Card/DevCard) +- [GitHub Security Advisories](https://docs.github.com/en/code-security/security-advisories) +- [Adding a Security Policy to your repo](https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository) From 4f79d90e71772c484f543e805f5b8ae7c581106b Mon Sep 17 00:00:00 2001 From: Rehan Ahmad Date: Sun, 24 May 2026 08:06:17 +0530 Subject: [PATCH 2/2] docs: update SECURITY.md to fix reporting channel --- SECURITY.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 73e8c91..40ae32e 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -14,8 +14,8 @@ If you discover a security vulnerability in **DevCard**, please **do not open a Instead, report it responsibly by: -- 📧 Opening a [GitHub Private Security Advisory](https://github.com/Dev-Card/DevCard/security/advisories/new) -- Or reaching out to the maintainer directly via their [GitHub profile](https://github.com/Dev-Card) +- 📧 Reaching out to the maintainer directly via their [GitHub profile](https://github.com/Dev-Card) +- 💬 Sending a private message through GitHub's messaging or social links listed in the profile ### What to include in your report: - A clear description of the vulnerability
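Review bot: In patch 1/2, the second bullet under "Reporting a Vulnerability" says to reach "the maintainer directly via their [GitHub profile]", but the link target is `https://github.com/Dev-Card`, the same owner path used in the repository URL, and the file names no maintainer, address or handle. A reporter who follows it has no defined private channel. Suggest naming a specific contact here (a dedicated security mailbox or a named maintainer) and keeping the private advisory link as the primary route. Separately, "Response Timeline" commits to a fix "Within 30 days" while "Responsible Disclosure" only asks for "adequate time"; stating the embargo window in the same terms would tell a reporter when public disclosure is acceptable.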
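Review bot: In patch 2/2, the `-` line removing the "GitHub Private Security Advisory" link drops the only channel in this file that is described as private, and both `+` bullets fall back to the same `https://github.com/Dev-Card` link ("GitHub's messaging or social links listed in the profile") with no address, handle or named platform. The commit subject says "fix reporting channel" but does not say what was wrong with the advisory link. If the advisory form was not reachable for this repository, the better fix is to make it reachable and keep the bullet; otherwise replace the two new bullets with one concrete private contact, and avoid pointing reporters at unspecified social links, where the first message may end up on a public surface despite the "do not open a public issue" instruction above.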