Skip to content

Commit

Permalink
Add SECURITY.md.
Browse files Browse the repository at this point in the history
  • Loading branch information
briansmith committed Sep 3, 2023
1 parent 95948b3 commit fd23fe9
Show file tree
Hide file tree
Showing 2 changed files with 23 additions and 4 deletions.
7 changes: 3 additions & 4 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -88,11 +88,10 @@ That oldest version known to work is documented as the MSRV in
Bug Reporting
-------------

Please report bugs either as pull requests or as issues in [the issue
tracker](https://github.com/briansmith/ring/issues). *ring* has a
**full disclosure** vulnerability policy. **Please do NOT attempt to report
any security vulnerability in this code privately to anybody.**
Please see [SECURITY.md](SECURITY.md) for help on reporting security vulnerabilities.

Please report bugs that aren't security vulnerabilities either as pull requests or as issues in
[the issue tracker](https://github.com/briansmith/ring/issues).


License
Expand Down
20 changes: 20 additions & 0 deletions SECURITY.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
# Security Policy

## Supported Versions

The latest release of *ring* is supported. The fixes for any security issues found will be included
in the next release.


## Reporting a Vulnerability

Please [use *ring*'s security advisory reporting tool provided by
GitHub](https://github.com/briansmith/ring/security/advisories/new) to report security issues.

We strive to fix security issues as quickly as possible. Across the industry, often the developers'
slowness in developing and releasing a fix is the biggest delay in the process; we take pride in
minimizing this delay as much as we practically can. We encourage you to also minimize the delay
between when you find an issue and when you contact us. You do not need to convince us to take your
report seriously. You don't need to create a PoC or a patch if that would slow down your reporting.
You don't need an elaborate write-up. A short, informal note about the issue is good. We can always
communicate later to fill in any details we need after that first note is shared with us.

0 comments on commit fd23fe9

Please sign in to comment.