We actively support the following versions of the Tactical Breach Wizards Offline Setup Assistant:

Please do not report security vulnerabilities through public GitHub issues.

Instead, please report them responsibly through one of these channels:

Send a detailed report to: security@tbw-offline.com

Use GitHub's private vulnerability reporting feature:

1. Go to the Security tab
2. Click "Report a vulnerability"
3. Fill out the form with details

For sensitive reports, you can use our PGP key:

-----BEGIN PGP PUBLIC KEY BLOCK-----
[Our PGP key would be here in a real implementation]
-----END PGP PUBLIC KEY BLOCK-----

When reporting a security vulnerability, please include:

• Description: Clear description of the vulnerability
• Impact: Potential impact and attack scenarios
• Reproduction: Steps to reproduce the issue
• Environment: OS, version, and configuration details
• Evidence: Screenshots, logs, or proof of concept (if safe)

• Severity Assessment: Your estimation of severity
• Suggested Fix: If you have ideas for remediation
• References: Related CVEs or security advisories

We take security seriously and will respond promptly:

We follow responsible disclosure practices:

1. Private Disclosure: You report the vulnerability privately
2. Investigation: We investigate and develop a fix
3. Patch Development: We create and test the security fix
4. Coordinated Release: We release the fix and public advisory
5. Public Disclosure: Details are shared publicly after fix is available

We believe in recognizing security researchers who help us improve:

Researchers who report valid vulnerabilities will be:

• Listed in our Security Hall of Fame (with permission)
• Credited in release notes and security advisories
• Invited to our private security discussion channel

While we don't currently offer monetary rewards, we provide:

• Recognition: Public acknowledgment of your contribution
• Swag: Exclusive project merchandise
• Access: Early access to new features and beta versions
• References: Professional references for your security work

• Keep Updated: Always use the latest version
• Verify Downloads: Check file hashes and signatures
• Secure Storage: Store the setup assistant in a secure location
• Permissions: Run with minimal necessary permissions
• Antivirus: Keep your antivirus software updated

• Code Review: All code changes require security review
• Dependencies: Regularly audit and update dependencies
• Testing: Include security testing in our CI/CD pipeline
• Secrets: Never commit secrets or sensitive data
• Access Control: Follow principle of least privilege

• Code Signing: All releases are digitally signed
• Checksum Verification: SHA-256 checksums for all downloads
• Sandboxing: Assistant runs in restricted environment
• No Network Access: Completely offline operation (no data transmission)
• Permission Minimal: Requests only necessary system permissions

• No Telemetry: We don't collect usage data or analytics
• Local Storage: All data stays on your device
• No Account: No registration or personal information required
• Audit Trail: Clear logs of all system changes made

• Administrative Privileges: May require elevated permissions for installation
• File System Access: Needs access to game directories
• Registry Access: May modify system registry on Windows
• Process Management: Can launch and manage game processes

• All file operations are logged and reversible
• Registry changes are backed up before modification
• Process management is limited to game-related executables
• User consent is required for all system modifications

• OWASP Top 10
• CWE/SANS Top 25
• NIST Cybersecurity Framework

• Threat Model (Internal)
• Security Architecture (Internal)
• Incident Response Plan (Internal)

For security-related questions or concerns:

• Security Team: security@tbw-offline.com
• General Contact: contact@tbw-offline.com
• Discord: #security channel in our server (invite-only)

We maintain transparency about past security issues:

• TBW-2024-001 (Medium): Path traversal in extraction process - Fixed in v2.0.3
• TBW-2024-002 (Low): Information disclosure in debug logs - Fixed in v2.1.0

• No security advisories prior to 2024

Thank you for helping keep our community safe! 🛡️

Every security report, regardless of severity, helps us build a more secure and trustworthy tool for the gaming community.