From 55f19374fc69f520e4bcf76a451555bc4b3ec9c9 Mon Sep 17 00:00:00 2001 From: Roger Ng Date: Mon, 16 Sep 2024 19:20:04 +0800 Subject: [PATCH] Create security policy --- SECURITY.md | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..26ac346d --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,9 @@ +# Security Policy + +## Reporting a Vulnerability + +**Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.** + +To report a security issue, please use the GitHub Security Advisory ["Report a Vulnerability"](https://github.com/transparency-dev/trillian-tessera/security/advisories) tab. + +We ask you to submit high-quality reports, including as many details as possible, a buildable proof of concept against a recent build, a crash dump if available, and instructions on reproducing the issue. Please also include information about the affected software version, a description of the issue’s impact, and an attack scenario, as that helps us assess the vulnerability quickly and effectively.