Merge pull request stefanprodan#104 from stefanprodan/security-policy

Add security policy
letenkov · May 16, 2023 · bfd6505 · bfd6505
2 parents 733e8bf + 36eb7e2
commit bfd6505
Showing 1 changed file with 24 additions and 0 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,24 @@
+# Security Policy
+
+This document defines security reporting, handling and disclosure for the Timoni project.
+
+## Report a Vulnerability
+
+You can privately disclose a vulnerability through GitHub's
+[private vulnerability reporting](https://github.com/stefanprodan/timoni/security/advisories) mechanism.
+
+Another option is to contact Stefan Prodan on Keybase messenger at
+[keybase.io/stefanprodan](https://keybase.io/stefanprodan)
+(fingerprint `613BF2C4D985BBCB1474123F5A00A04500683EBD`).
+
+You will be able to choose if you want public acknowledgement of your effort and how you would like to be credited.
+
+### Disclosures
+
+Vulnerability disclosures are made public on GitHub's
+[security advisories](https://github.com/stefanprodan/timoni/security/advisories) page.
+
+Disclosures will contain an overview, details about the vulnerability,
+a fix that will typically be an update, and optionally a workaround if one is available.
+
+Disclosures will be made public in a timely manner after a release is published that fixes the vulnerability.