Merge branch 'main' into brandon/cre-399-otel_sdk_disabled-to-true-bu…

…t-crewai-still-tries-to-push
crewAIInc · Oct 30, 2024 · 48494e4 · 48494e4
2 parents 1bf6599 + 55cd15b
commit 48494e4
Showing 1 changed file with 19 additions and 0 deletions.
diff --git a/.github/security.md b/.github/security.md
@@ -0,0 +1,19 @@
+CrewAI takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organization.
+If you believe you have found a security vulnerability in any CrewAI product or service, please report it to us as described below.
+
+ ## Reporting a Vulnerability
+ Please do not report security vulnerabilities through public GitHub issues.
+ To report a vulnerability, please email us at [email protected].
+ Please include the requested information listed below so that we can triage your report more quickly
+
+ - Type of issue (e.g. SQL injection, cross-site scripting, etc.)
+ - Full paths of source file(s) related to the manifestation of the issue
+ - The location of the affected source code (tag/branch/commit or direct URL)
+ - Any special configuration required to reproduce the issue
+ - Step-by-step instructions to reproduce the issue (please include screenshots if needed)
+ - Proof-of-concept or exploit code (if possible)
+ - Impact of the issue, including how an attacker might exploit the issue
+
+ Once we have received your report, we will respond to you at the email address you provide. If the issue is confirmed, we will release a patch as soon as possible depending on the complexity of the issue.
+
+ At this time, we are not offering a bug bounty program. Any rewards will be at our discretion.