From 3486a84ca857712b99b2e400294b4e773292072e Mon Sep 17 00:00:00 2001 From: Josef Andersson Date: Sun, 11 May 2025 06:00:50 +0200 Subject: [PATCH] docs: add a security.md policy file Signed-off-by: Josef Andersson --- SECURITY.md | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000000..753598ef63 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,33 @@ +# Security Reporting + +If you wish to report a security vulnerability privately, we appreciate your diligence. Please follow the guidelines below to submit your report. + +## Reporting + +To report a security vulnerability, please provide the following information: + +1. **PROJECT** + - Include the URL of the project repository - Example: + +2. **PUBLIC** + - Indicate whether this vulnerability has already been publicly discussed or disclosed. + - If so, provide relevant links. + +3. **DESCRIPTION** + - Provide a detailed description of the security vulnerability. + - Include as much information as possible to help us understand and address the issue. + +Send this information, along with any additional relevant details, to . + +## Confidentiality + +We kindly ask you to keep the report confidential until a public announcement is made. + +## Notes + +- Vulnerabilities will be handled on a best-effort basis. +- You may request an advance copy of the patched release, but we cannot guarantee early access before the public release. +- You will be notified via email simultaneously with the public announcement. +- We will respond within a few weeks to confirm whether your report has been accepted or rejected. + +Thank you for helping to improve the security of our project!
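Review bot: In the Reporting section of the new SECURITY.md, the sentence "Send this information, along with any additional relevant details, to ." shows no recipient, and the PROJECT item's "Example:" shows no URL, at least as the patch is rendered here. Please confirm both values are present in the committed file, since a reporting policy without a reachable contact cannot be followed. In Notes, "We will respond within a few weeks" gives a reporter no concrete bound; consider stating an acknowledgement window in days. In Confidentiality, "until a public announcement is made" is open-ended; consider stating a maximum embargo period or saying that the disclosure date will be agreed with the reporter. The policy also does not say whether reports sent to that address can be encrypted; if the project has a key or a private reporting channel, naming it next to the contact would help.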