chore: add SECURITY.md
parent
f92c8ee91d
commit
871e8276ff
1 changed files with 21 additions and 0 deletions
21
SECURITY.md
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
# Security Policy
|
||||||
|
|
||||||
|
## Supported Versions
|
||||||
|
|
||||||
|
The latest release of *dufs* is supported. The fixes for any security issues found will be included
|
||||||
|
in the next release.
|
||||||
|
|
||||||
|
|
||||||
|
## Reporting a Vulnerability
|
||||||
|
|
||||||
|
Please [use *dufs*'s security advisory reporting tool provided by
|
||||||
|
GitHub](https://github.com/sigoden/dufs/security/advisories/new) to report security issues.
|
||||||
|
|
||||||
|
We strive to fix security issues as quickly as possible. Across the industry, often the developers'
|
||||||
|
slowness in developing and releasing a fix is the biggest delay in the process; we take pride in
|
||||||
|
minimizing this delay as much as we practically can. We encourage you to also minimize the delay
|
||||||
|
between when you find an issue and when you contact us. You do not need to convince us to take your
|
||||||
|
report seriously. You don't need to create a PoC or a patch if that would slow down your reporting.
|
||||||
|
You don't need an elaborate write-up. A short, informal note about the issue is good. We can always
|
||||||
|
communicate later to fill in any details we need after that first note is shared with us.
|
||||||
|
|
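Review bot: In the "Reporting a Vulnerability" section, the GitHub advisory form is the only channel given and nothing tells the reporter what to expect after submitting. Consider adding a line on when they should hear back and whether they are asked to keep the issue private until a fixed release is out. Under "Supported Versions", "will be included in the next release" leaves open whether a security fix gets its own release or waits for the next scheduled one, which sits awkwardly beside "We strive to fix security issues as quickly as possible". One sentence saying which would settle it.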