Merge pull request #101 from UiPath/feature/security-policy

Add security policy
UiPath · Oct 10, 2023 · ba48c87 · ba48c87
2 parents 5a213c7 + 1ab2e66
commit ba48c87
Showing 1 changed file with 29 additions and 0 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,29 @@
+## Security
+
+UiPath takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organization [UiPath](https://github.com/UiPath).
+
+Every UiPath product is designed and developed with security in mind.
+Security is built directly into our development lifecycle, by performing both automated security scans and red team style penetration tests on every build.
+We submit our releases to independent third-party review at the highest level to ensure that our security is more than trusted.
+
+## Reporting Security Issues
+
+If you believe you have found a security vulnerability in the, please report it to us through coordinated disclosure.
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+Instead, please report them to UiPath Trust and Security at
+
+ [https://www.uipath.com/legal/trust-and-security/report/security-issue](https://www.uipath.com/legal/trust-and-security/report/security-issue).
+
+Please include as much of the information listed below as you can to help us better understand and resolve the issue::
+
+* The type of issue (e.g., buffer overflow, cross-site scripting, etc...)
+* Full paths of source file(s) related to the manifestation of the issue
+* The location of the affected source code (tag/branch/commit or direct URL)
+* Any special configuration required to reproduce the issue
+* Step-by-step instructions to reproduce the issue
+* Proof-of-concept or exploit code (if possible)
+* Impact of the issue, including how an attacker might exploit the issue
+
+This information will help us triage your report more quickly.