Create SECURITY.md (#107)

Add an initial SECURITY.md file. Signed-off-by: John Kjell <[email protected]>
in-toto · Dec 17, 2023 · cfee7c9 · cfee7c9
1 parent 6094e21
commit cfee7c9
Showing 1 changed file with 34 additions and 0 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,34 @@
+# Security Policy
+
+## Security Bulletins
+
+See current security bullentins on GitHub: https://github.com/in-toto/go-witness/security/advisories
+
+For information regarding the security of this project please join:
+
+* in-toto-witness on CNCF Slack
+
+## Reporting a Vulnerability
+
+Please use the below process to report a vulnerability to the project:
+
+Web Form:
+
+1. Please visit https://github.com/in-toto/go-witness/security/advisories/new
+   * You will receive a confirmation email upon submission
+1. You may be contacted by a maintainer to further discuss the reported item
+   within 3 days. Please bear with us as we seek to understand the breadth
+   and scope of the reported problem, recreate it, and confirm if there is an
+   vulnerability present.
+
+This project follows a 30 day disclosure timeline.
+
+## Supported Versions
+
+Information regarding supported versions of this project can be found on
+in the below table:
+
+| Version | Supported |
+| --- | --- |
+| Latest | :white_check_mark: |
+| <= Latest - 2 | :x: |