docs(security): Create SECURITY.md #1480

Open
wants to merge 1 commit into
base: master
31 changes: 31 additions & 0 deletions SECURITY.md
@@ -0,0 +1,31 @@
# Security Policy

## Reporting a Security Vulnerability

We take the security of our project very seriously. If you have discovered a security vulnerability within this project, we appreciate your cooperation in responsibly disclosing it to us. Please follow the guidelines below to report security issues.

### Responsible Disclosure Policy

To report a security issue, **do not disclose it publicly**. Public disclosure of a security vulnerability can put the entire community at risk. We urge you to keep the issue private until we have had a chance to address it.

### How to Report a Security Vulnerability

If you believe you have found a security vulnerability, please submit your report to us as soon as possible through one of the following methods:

- **Email**: Send your report via email to [[email protected]](mailto:[email protected]). This is the preferred method of contact for security issues.
- **GitHub Private Report**: Alternatively, you can submit a private vulnerability report through our GitHub repository by visiting this link: [Private Vulnerability Report](https://github.com/Jigsaw-Code/outline-server/security/advisories/new).

### Information to Include in Your Report

Your report should be clear and include as much information as possible to help us understand the nature and severity of the issue. Please include the following:

- **Description of the Vulnerability**: Provide a detailed description of the vulnerability you have discovered. Explain how it affects the project and the potential impact if exploited.
- **Steps to Reproduce**: Include detailed steps on how to reproduce the issue. This will help us to quickly verify the problem and work on a fix.

### After You Report

Once you have reported a security issue, we will acknowledge your email within a reasonable time frame. Our security team will then work on verifying the issue and determining its impact. We may contact you for further information if needed.

We ask for your patience as we work to resolve the security issue. Once the issue is addressed, we will notify you, and depending on the severity and nature of the vulnerability, we may publicly acknowledge your contribution to improving the security of our project.

Thank you for helping us keep our project and the community safe.
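
Review bot: In "After You Report", the sentence "we will acknowledge your email within a reasonable time frame" gives reporters no commitment to plan around, and it only mentions email although the policy also offers GitHub private vulnerability reports. Suggest wording along the lines of "we will acknowledge your report within N business days", with a number the maintainers can actually keep, and a sentence on when coordinated public disclosure can be expected after a fix. The "Information to Include in Your Report" list would also benefit from asking for the affected version or commit and the environment in which the issue was reproduced, since a description and reproduction steps alone may not show which releases are affected.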