diff options
Diffstat (limited to 'SECURITY.md')
| -rw-r--r-- | SECURITY.md | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..119cf3f6 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,33 @@ +# Security Reporting + +If you wish to report a security vulnerability privately, we appreciate your diligence. Please follow the guidelines below to submit your report. + +## Reporting + +To report a security vulnerability, please provide the following information: + +1. **PROJECT** + - Include the URL of the project repository - Example: <https://github.com/junegunn/fzf> + +2. **PUBLIC** + - Indicate whether this vulnerability has already been publicly discussed or disclosed. + - If so, provide relevant links. + +3. **DESCRIPTION** + - Provide a detailed description of the security vulnerability. + - Include as much information as possible to help us understand and address the issue. + +Send this information, along with any additional relevant details, to <junegunn.c AT gmail DOT com>. + +## Confidentiality + +We kindly ask you to keep the report confidential until a public announcement is made. + +## Notes + +- Vulnerabilities will be handled on a best-effort basis. +- You may request an advance copy of the patched release, but we cannot guarantee early access before the public release. +- You will be notified via email simultaneously with the public announcement. +- We will respond within a few weeks to confirm whether your report has been accepted or rejected. + +Thank you for helping to improve the security of our project! |