diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..aa0c7577b --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,19 @@ +# Security Policy + +## Reporting Security Issues +If you believe you have found a security vulnerability in this repository, please report it to us through coordinated disclosure. + +Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests because this could lead to leaked security breaches. + +Instead, please send an email to opensource-security\[@\]straccini.com. + +Please include as much of the information listed below as you can to help us better understand and resolve the issue: + +The type of issue (e.g., buffer overflow, SQL injection, or cross-site scripting) +Full paths of source file(s) related to the manifestation of the issue +The location of the affected source code (tag/branch/commit or direct URL) +Any special configuration required to reproduce the issue +Step-by-step instructions to reproduce the issue +Proof-of-concept or exploit code (if possible) +Impact of the issue, including how an attacker might exploit the issue +This information will help us triage your report more quickly.