Draft security and reporting advisory (angr#3072)

* Draft security and reporting advisory * Second draft
draperlaboratory · Jan 10, 2022 · fb389e2 · fb389e2
1 parent f43d110
commit fb389e2
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,9 @@
+Security
+========
+
+angr is meant to be able to function as fully secure environment for analyzing code of any kind in its default configuration.
+As a result, we take sandbox escapes - opportunities for guest code to manipulate the host environment without the analysis author explicitly allowing it - very seriously.
+If you read all the documentation, you should be able to deploy angr to analyze untrusted code without worrying about it.
+
+If you find a sandbox escape bug of any sort by this definition, please let us know through a private channel.
+You can contact the core developers through their emails at [email protected] and [email protected].