Update SECURITY.md

ar2rsawseen · web-flow · commit 49ef1cf8340a · 2023-01-23T14:10:57.000+02:00
diff --git a/SECURITY.md b/SECURITY.md
@@ -4,4 +4,16 @@ Security is very important to us. If you discover any issue regarding security,
 
 All software related security bugs with severity of medium and higher will be awarded accordingly with a bug bounty reward.
 
-Due to on premise nature of our software, all server configuration related issues will be reported to related departments/parties/companies, but we cannot guarantee any bounty rewards for them.
+# Vulnerability levels
+**Critical Severity:** software can be exploited at any time without any additional information
+
+**High Severity:** some additional information, access or action required (from the user, like clicking on injected link) for software to be exploited
+
+**Medium Severity:** the impact is limited (for example, can only access limited information) or requires special conditions to achieve it (when server is configured in specific way)
+
+**Low** - no bounty rewards, does not directly lead to vulnerability, but provides a possibility (like exposing software version, which can be mapped to specific vulnerabilities), old dependencies, server misconfiguration
+
+**Exclusion**
+
+Server specific configurations and deployment specific configurations due to on premise nature of our software.
+All server configuration related issues will be reported to related departments/parties/companies, but we cannot guarantee any bounty rewards for them.
