Security: cshein45-Movement/Movement-Network

SECURITY.md

Security Policy

Supported Versions

The following versions of the Movement Network codebase are currently supported with security updates. We prioritize the latest stable releases to maintain the integrity of our ecosystem.

Version    Supported    Notes
5.1.x                   Current Stable Release
5.0.x                   Deprecated. Please upgrade to 5.1.x
4.0.x                   Long-term Support (LTS)
< 4.0                   End of Life (EOL)

Reporting a Vulnerability

We value the work of security researchers and the open-source community in keeping the Movement Network secure. If you discover a security vulnerability, please follow the coordinated disclosure process below.

1. How to Report

Do not open a public issue. Please report all security vulnerabilities via the following channels:

  • Bug Bounty: Submit your findings through our official Immunefi Program to be eligible for rewards.
  • Email: For urgent inquiries, contact us at security@movementlabs.xyz.

2. Required Information

To help us triage and fix the issue quickly, please include:

  • Severity: Your assessment of the impact (Low, Medium, High, Critical).
  • Description: A clear summary of the vulnerability.
  • Steps to Reproduce: A detailed proof-of-concept (PoC) or script.
  • Affected Component: Specific contracts, modules, or API endpoints.

3. Our Commitment

If you report a vulnerability in good faith, we commit to:

  • Acknowledgement: Responding within 48 business hours.
  • Confidentiality: Keeping the details private until a fix is deployed.
  • Recognition: Crediting your contribution once the vulnerability is resolved (if desired).

4. Safe Harbor

Movement Network supports "Safe Harbor" for security research. We will not pursue legal action against researchers who comply with this policy and act in good faith to protect our users.

There aren’t any published security advisories