diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..1cf2b54 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,11 @@ +# Security Policy + +## Reporting a Vulnerability + +If you find a vulnerability in cvelib, please report it privately to secalert@redhat.com. + +In addition to the description of the vulnerability, if possible please include a short reproducer, +a proposed severity rating (for example, see +[Red Hat's severity ratings](https://access.redhat.com/security/updates/classification/)), and other +classifying metadata such as a [CWE](https://cwe.mitre.org/) ID or a +[CVSS](https://www.first.org/cvss/) score.
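Review bot: The "Reporting a Vulnerability" section tells reporters where to send a report and what to include, but not what happens after they send it. Consider adding a sentence on when the reporter can expect an acknowledgement and how disclosure will be coordinated, so that a reporter who hears nothing knows when to follow up rather than opening a public issue. The same paragraph asks for a reproducer to be mailed to secalert@redhat.com; if an encrypted channel or a public key exists for that address, link it next to the address so that reproducers do not have to travel in plaintext. A short note on which cvelib releases receive security fixes would also help reporters decide whether a finding in an older version is in scope.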