From 606d675b1203fc4f1be19debfced066f8e6cd10d Mon Sep 17 00:00:00 2001 From: Denis Varlakov Date: Tue, 15 Oct 2024 16:22:06 +0200 Subject: [PATCH] Add security.md Signed-off-by: Denis Varlakov --- SECURITY.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..dfa8cd5 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,20 @@ +# Security Policy + +## Supported Versions + +Only the latest version of the library is supported. + +## Reporting a Vulnerability + +We ask to report any security vulnerabilities or flaws through: + +1. Github, in the "Security" tab, using the "Report a vulnerability" button. +2. Email, security@dfns.co + +After receiving the report, it will take us up to 2 working days to respond. +We will evaluate the reported vulnerability, determine whether it needs to +be addressed, and (if so) and provide an estimated timeline for addressing it. + +After vulnerability was fixed and the new version of the library was +properly tested, we publish the fix, and publicly disclose the vulnerability +(credits for finding the issue go to the reporter).
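Review bot: In the "Reporting a Vulnerability" section, the sentence "determine whether it needs to be addressed, and (if so) and provide an estimated timeline for addressing it" has a duplicated "and"; suggest "and (if so) provide an estimated timeline for addressing it". The closing paragraph mixes tenses ("After vulnerability was fixed ... we publish the fix"); "After the vulnerability is fixed and the new version of the library is properly tested, we publish the fix" reads more cleanly, and "Github" in item 1 should be "GitHub". On substance, the section lists two private channels but never says that vulnerabilities should not be filed as public issues or pull requests, and the email option in item 2 offers no way to encrypt the report. Consider adding a sentence asking reporters to avoid public channels, and either publishing a key for the email address or stating that the GitHub private report is preferred for sensitive details. It would also help to list what a report should contain (affected version, reproduction steps, impact) so the 2-working-day response can be a real triage rather than a request for more information.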