Merge pull request #6505 from dolthub/add-security-policy

Create SECURITY.md
dolthub · Aug 14, 2023 · 559cbcb · 559cbcb
2 parents 45ee8f3 + 2c3b2b6
commit 559cbcb
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -829,6 +829,10 @@ Dolt provides powerful data audit capabilities down to individual cells. When, h
 
 Head over to [our documentation](https://docs.dolthub.com/introduction/what-is-dolt) now that you have a feel for Dolt. You can also read about what we've been working on in [our blog](https://www.dolthub.com/blog/).
 
+# Security Policy
+
+[Dolt's current security policy](https://github.com/dolthub/dolt/blob/main/SECURITY.md) is maintained in this repository. Please follow the disclosure instructions there. Please do not initially report security issues in this repository's public GitHub issues.
+
 # Credits and License
 
 Dolt relies heavily on open source code and ideas from the

diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,16 @@
+# Security Policy
+
+## Supported Versions
+
+By default, the most recent release of Dolt is the version which is
+supported for all security updates. If you need ongoing security
+support for an older version of Dolt, please [contact us](https://www.dolthub.com/contact).
+
+## Reporting a Vulnerability
+
+Any security issues with Dolt can be reported to [[email protected]]([email protected]).
+
+Reports will be responded to within one business day. The majority of
+our team operates on Pacific Time and on a US holiday schedule.
+
+DoltHub does not currently run a security bounty program for Dolt.