# Security Policy

## Supported Versions

Currently all versions are supported.

| Version | Supported          |
| ------- | ------------------ |
| 1.0.0   | ✔️                  |

## Reporting a Vulnerability

Use this section to tell people how to report a vulnerability.

Tell them where to go, how often they can expect to get an update on a
reported vulnerability, what to expect if the vulnerability is accepted or
declined, etc.

A vulnerability is currently defined as being able to get the session ID with only a mod that gets loaded after NoSession loads its tweaker.
A non-comprehensive list of out of scope vulnerabilities:
- Stealing information from launcher files
- Using the OS level args methods 

However, if you can produce a patch for an out of scope vulnerability, a bug bounty will be awarded as well.

The bug bounty is a $5 USD Amazon Gift Card. I might run out, so it's awarded on a first come, first serve basis.