Merge pull request #49 from fish-shop/add-security-policy

Add security policy
fish-shop · Jul 12, 2024 · c9b8bd3 · c9b8bd3
2 parents 71063bb + 7ae1ddf
commit c9b8bd3
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,14 @@
+# Security Policy
+
+## Supported Versions
+
+Patches for security vulnerabilities will be made available at the earliest opportunity. The versions that are eligible for such patches depend on the [CVSS v4.0](https://www.first.org/cvss/v4-0/) severity rating:
+
+| CVSS v4.0 | Supported Versions                        |
+| --------- | ----------------------------------------- |
+| 9.0-10.0  | Releases within the previous three months |
+| 4.0-8.9   | Most recent release                       |
+
+## Reporting a Vulnerability
+
+In the first instance, please report suspected security vulnerabilities using [private vulnerability reporting](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability) by navigating to the [Security](https://github.com/fish-shop/syntax-check/security) tab of this repository and clicking "Report a vulnerability". Alternatively, submit your report by email to **[[email protected]](mailto:[email protected])**. You should generally expect a response within 48 hours.