Create SECURITY.md

digitalfabrik · Sep 26, 2023 · 20ea9f8 · 20ea9f8
1 parent 535c26a
commit 20ea9f8
Showing 1 changed file with 28 additions and 0 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,28 @@
+# Security
+
+## Reporting Potential Security Issues
+
+If you have encountered a potential security vulnerability in this project,
+please report it to us at <[email protected]>. We will work with you to
+verify the vulnerability and patch it.
+
+When reporting issues, please provide the following information:
+
+- Component(s) affected
+- A description indicating how to reproduce the issue
+- A summary of the security vulnerability and impact
+
+We request that you contact us via the email address above and give the
+project contributors a chance to resolve the vulnerability and issue a new
+release prior to any public exposure; this helps protect the project's
+users, and provides them with a chance to upgrade and/or update in order to
+protect their applications.
+
+## Policy
+
+If we verify a reported security vulnerability, our policy is:
+
+- We will patch the default branch and immediately issue a new security fix release.
+
+- A security advisory will be released on the project website detailing the
+  vulnerability, as well as recommendations for end-users to protect themselves.