Create SECURITY.md

trifectatechfoundation · Dec 11, 2024 · ab518cf · ab518cf
1 parent fe3a545
commit ab518cf
Showing 1 changed file with 25 additions and 0 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,25 @@
+Security policy
+===============
+
+**Do not report security vulnerabilities through public GitHub issues.**
+Instead, you can report security vulnerabilities using [our security page].
+Please include as much of the following information as possible:
+ * Type of issue (e.g. buffer overflow, privilege escalation, etc.)
+ * The location of the affected source code (tag/branch/commit or direct URL)
+ * Any special configuration required to reproduce the issue
+ * If applicable, which platforms are affected
+ * Step-by-step instructions to reproduce the issue
+ * Impact of the issue, including how an attacker might exploit the issue
+## Preferred Languages
+We prefer to receive reports in English. If necessary, we also understand Dutch and Frisian.
+## Disclosure Policy
+We adhere to the principle of [coordinated vulnerability disclosure].
+
+Security Advisories
+===================
+Security advisories will be published on our [github advisories page] and
+possibly through other channels.
+
+[our security page]: https://github.com/trifectatechfoundation/bzip2-rs/security
+[coordinated vulnerability disclosure]: https://vuls.cert.org/confluence/display/CVD/Executive+Summary
+[github advisories page]: https://github.com/trifectatechfoundation/libbzip2-rs/security/advisories