Add security.md

Signed-off-by: Denis Varlakov <[email protected]>
LFDT-Lockness · Oct 15, 2024 · 606d675 · 606d675
1 parent 0c560b6
commit 606d675
Showing 1 changed file with 20 additions and 0 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,20 @@
+# Security Policy
+
+## Supported Versions
+
+Only the latest version of the library is supported.
+
+## Reporting a Vulnerability
+
+We ask to report any security vulnerabilities or flaws through:
+
+1. Github, in the "Security" tab, using the "Report a vulnerability" button.
+2. Email, [email protected]
+
+After receiving the report, it will take us up to 2 working days to respond. 
+We will evaluate the reported vulnerability, determine whether it needs to 
+be addressed, and (if so) and provide an estimated timeline for addressing it.
+
+After vulnerability was fixed and the new version of the library was
+properly tested, we publish the fix, and publicly disclose the vulnerability
+(credits for finding the issue go to the reporter).