Security: Sudz/sam-lms

SECURITY.md

Security Policy

Supported Versions

The following versions of the project currently receive security updates:

| Version | Supported |
| ------- | --------- |
| 1.0.x   | ✅        |
| < 1.0   | ❌        |

Reporting a Vulnerability

We take the security of our LMS (Learning Management System) seriously. If you believe you've found a security vulnerability, please follow these steps:

🚨 How to Report

Private Disclosure: Please DO NOT disclose security-related issues publicly until we've had a chance to address them.

Email: Send vulnerability reports to: info@saml.co.za

📋 What to Include

When reporting a vulnerability, please provide:

  • Detailed description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact assessment
  • Any proof-of-concept code (if available)
  • Affected versions

🕒 Response Timeline

  • Initial Response: Within 48 hours of report
  • Assessment: Within 5 business days for initial assessment
  • Regular Updates: Weekly updates on progress for accepted vulnerabilities
  • Public Disclosure: Coordinated with reporter after patch release

🔒 Vulnerability Handling Process

If the vulnerability is accepted:

  • We will acknowledge receipt within 48 hours
  • Work on a fix will begin immediately
  • You'll receive regular progress updates
  • Credit will be given in the security advisory (unless you prefer anonymity)

If the vulnerability is declined:

  • We will provide a detailed explanation of the decision
  • We will suggest alternative approaches where applicable
  • You will have the opportunity for discussion and clarification

πŸ›‘οΈ Security Measures in Place

Our LMS implements several security features:

  • Authentication: BetterAuth with secure session management
  • Data Protection: Encryption for sensitive data
  • API Security: Input validation and rate limiting
  • Dependency Monitoring: Regular security updates for dependencies
  • AWS Security: Secure RDS PostgreSQL configuration

📦 Patch Release Policy

  • Critical vulnerabilities: Patch within 72 hours
  • High severity: Patch within 1-2 weeks
  • Medium severity: Patch within 1 month
  • Low severity: Addressed in next scheduled release

πŸ™ Thank You

We appreciate your efforts in responsibly disclosing vulnerabilities and helping us maintain the security and privacy of our users.

There aren't any published security advisories.