From 1309a4fd6d75e0ad7fc8df7bd88062e8a5bf0ddf Mon Sep 17 00:00:00 2001 From: Josef Andersson Date: Sun, 11 May 2025 13:57:44 +0200 Subject: [PATCH] docs(security): add initial security policy Signed-off-by: Josef Andersson --- SECURITY.md | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..596bfbaa --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,49 @@ + + +# Security Reporting + +If you wish to report a security vulnerability privately, we appreciate your +diligence. Please follow the guidelines below to submit your report. + +## Reporting + +To report a security vulnerability, please provide the following information: + +1. **PROJECT** + + - Include the URL of the project repository - Example: + + +2. **PUBLIC** + + - Indicate whether this vulnerability has already been publicly discussed or + disclosed. + - If so, provide relevant links. + +3. **DESCRIPTION** + - Provide a detailed description of the security vulnerability. + - Include as much information as possible to help us understand and address + the issue. + +Send this information, along with any additional relevant details, to +. + +## Confidentiality + +We kindly ask you to keep the report confidential until a public announcement is +made. + +## Notes + +- Vulnerabilities will be handled on a best-effort basis. +- You may request an advance copy of the patched release, but we cannot + guarantee early access before the public release. +- You will be notified via email simultaneously with the public announcement. +- We will respond within a few weeks to confirm whether your report has been + accepted or rejected. + +Thank you for helping to improve the security of our project!
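Review bot: In the Reporting section, the closing sentence "Send this information, along with any additional relevant details, to" ends without a contact address as shown here, and the "Example:" under item 1 (PROJECT) has no URL after it, so a reporter following this policy has no destination for the report. If both values were written as angle-bracket autolinks, confirm they survive rendering, or write them as plain text or explicit Markdown links. Two smaller points in the Notes list: "within a few weeks" gives the reporter no usable expectation, so consider stating a concrete acknowledgement window. The policy asks the reporter to keep the report confidential but does not say how the report itself is protected in transit, so consider naming an encrypted option alongside the email address.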