From 55cd15bfc629ab4aad159126c2aaf9dd10e647bf Mon Sep 17 00:00:00 2001 From: Rip&Tear <84775494+theCyberTech@users.noreply.github.com> Date: Thu, 31 Oct 2024 00:07:38 +0800 Subject: [PATCH] Added security.md file (#1533) --- .github/security.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 .github/security.md diff --git a/.github/security.md b/.github/security.md new file mode 100644 index 0000000000..5bc9672282 --- /dev/null +++ b/.github/security.md @@ -0,0 +1,19 @@ +CrewAI takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organization. +If you believe you have found a security vulnerability in any CrewAI product or service, please report it to us as described below. + + ## Reporting a Vulnerability + Please do not report security vulnerabilities through public GitHub issues. + To report a vulnerability, please email us at security@crewai.com. + Please include the requested information listed below so that we can triage your report more quickly + + - Type of issue (e.g. SQL injection, cross-site scripting, etc.) + - Full paths of source file(s) related to the manifestation of the issue + - The location of the affected source code (tag/branch/commit or direct URL) + - Any special configuration required to reproduce the issue + - Step-by-step instructions to reproduce the issue (please include screenshots if needed) + - Proof-of-concept or exploit code (if possible) + - Impact of the issue, including how an attacker might exploit the issue + + Once we have received your report, we will respond to you at the email address you provide. If the issue is confirmed, we will release a patch as soon as possible depending on the complexity of the issue. + + At this time, we are not offering a bug bounty program. Any rewards will be at our discretion. \ No newline at end of file
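Review bot: The "Reporting a Vulnerability" section asks reporters to send proof-of-concept or exploit code, yet the only channel offered is plain email to security@crewai.com, and the closing paragraph ("we will respond to you at the email address you provide") commits to no acknowledgement window or disclosure expectations. Consider offering an encrypted option (a published PGP key, or GitHub private vulnerability reporting), stating a target time to first response, and saying which versions receive fixes. Minor: the sentence "Please include the requested information listed below so that we can triage your report more quickly" should end with a colon before the list, and the file has no trailing newline.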