Skip to content
This repository has been archived by the owner on Sep 17, 2022. It is now read-only.

Commit

Permalink
feat: add security policy
Browse files Browse the repository at this point in the history
  • Loading branch information
cpswan committed Jul 12, 2022
1 parent 5ce4268 commit a73770a
Showing 1 changed file with 41 additions and 0 deletions.
41 changes: 41 additions & 0 deletions SECURITY.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
<img width=250px src="https://atsign.dev/assets/img/atPlatform_logo_gray.svg?sanitize=true">

# Atsign Foundation Open Source Security Policies and Procedures

This document outlines security procedures and general policies for the
Atsign Foundation Open Source projects as found on
https://github.com/atsign-foundation.

* [Reporting a Vulnerability](#reporting-a-vulnerability)
* [Disclosure Policy](#disclosure-policy)

## Reporting a Vulnerability

The Atsign Foundation team and community take all security vulnerabilities
seriously. Thank you for improving the security of our open source
software. We appreciate your efforts and responsible disclosure and will
make every effort to acknowledge your contributions.

Report security vulnerabilities by emailing the Atsign security team at:

[email protected]

The lead maintainer will acknowledge your email within 24 hours, and will
send a more detailed response within 48 hours indicating the next steps in
handling your report. After the initial reply to your report, the security
team will endeavor to keep you informed of the progress towards a fix and
full announcement, and may ask for additional information or guidance.

Please report security vulnerabilities in third-party modules to the person
or team maintaining the module.

## Disclosure Policy

When the security team receives a security bug report, they will assign it
to a primary handler. This person will coordinate the fix and release
process, involving the following steps:

* Confirm the problem and determine the affected versions.
* Audit code to find any potential similar problems.
* Prepare fixes for all releases still under maintenance. These fixes
will be released as fast as possible to pub.dev where applicable.

0 comments on commit a73770a

Please sign in to comment.