At Fused Gaming, we take the security of our gaming community, projects, and infrastructure seriously. We are committed to maintaining the highest standards of security across all our repositories and services to protect our users, contributors, and community members. In addition, we participate in several other public and private bounty programs in effort to strengthen our partners security.

We actively maintain and provide security updates for the following versions of our projects:

Note: For specific version support information, please check the individual repository's README or releases page.

We appreciate the security research community's efforts in keeping Fused Gaming safe. If you discover a security vulnerability in any of our projects, please report it responsibly.

For Critical Security Issues (High/Critical Severity):

• 📧 Email: Send details to our security team at security@fusedgaming.org (if you don't have this email, use the private vulnerability reporting feature on GitHub)
• 🔒 GitHub Private Vulnerability Reporting: Use GitHub's private vulnerability reporting feature on the affected repository
• 💬 Telegram: Contact our security team privately at @fusedgg

For Non-Critical Issues (Low/Medium Severity):

• 🐛 Create a GitHub issue in the affected repository
• 💬 Contact us through our community channels

Please provide as much information as possible:

• Description: Clear description of the vulnerability
• Impact: Potential impact and severity assessment
• Reproduction: Step-by-step instructions to reproduce the issue
• Environment: Affected versions, platforms, configurations
• Evidence: Screenshots, logs, or proof-of-concept (if applicable)
• Suggested Fix: If you have ideas for remediation

We are committed to responding promptly to security reports:

If the vulnerability is accepted:

• We'll acknowledge receipt and begin investigation
• Regular updates on our progress toward a fix
• Credit in our security advisory (unless you prefer to remain anonymous)
• Coordinated disclosure once the fix is deployed

If the vulnerability is declined:

• Clear explanation of why it doesn't qualify as a security issue
• Alternative suggestions if applicable (e.g., feature request, bug report)

When contributing to Fused Gaming projects:

• 🔐 Never commit API keys, passwords, or sensitive credentials
• 🛡️ Use environment variables for configuration secrets
• 🔍 Regularly update dependencies to patch known vulnerabilities
• ✅ Follow secure coding practices for your programming language
• 🧪 Include security considerations in code reviews

• 🤝 Report security issues privately before public disclosure
• 🚫 Don't exploit vulnerabilities beyond what's necessary for demonstration
• 📱 Use official communication channels for security discussions
• 🎯 Focus on constructive, responsible disclosure

This security policy applies to:

✅ In Scope:

• All public repositories under the Fused Gaming organization
• Our Discord bots and web applications
• Community tools and utilities
• Infrastructure and deployment configurations

❌ Out of Scope:

• Third-party services we integrate with (report to their respective teams)
• Social engineering attacks against community members
• Physical security of individual contributors
• Denial of service attacks against our services

We believe in recognizing security researchers who help keep our community safe:

• 🏆 Hall of Fame: Public acknowledgment in our security page
• 🎮 Community Recognition: Special role/badge in our Discord community
• 💎 Bounty Program: While we don't currently offer monetary rewards, we may provide Fused Gaming merchandise or in-game items where applicable

• General Security: security@fusedgaming.org (create this email or use GitHub's private reporting)
• Community: Telegram @fusedgg
• Social Media: @fuseddotgg on Twitter
• Business: LinkedIn Company Page

Last Updated: September 2025
Next Review: July 2025

This security policy is a living document and may be updated as our organization and projects evolve. Check back regularly for the latest version.