Merge pull request #65 from worldcoin/kit/security

chore: Add SECURITY.md
worldcoin · Nov 19, 2024 · 9c9691d · 9c9691d
2 parents 517169a + 6729b45
commit 9c9691d
Showing 1 changed file with 18 additions and 0 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,18 @@
+# Security
+
+## Report a security issue
+
+The World project team welcomes security reports and is committed to providing prompt attention to security issues. Security issues should be reported privately via [[email protected]](mailto:[email protected]). Security issues should not be reported via the public Github Issue tracker.
+
+## Vulnerability coordination
+
+Remediation of security vulnerabilities is prioritized by the project team. The project team coordinates remediation with third-party project stakeholders via [Github Security Advisories](https://help.github.com/en/github/managing-security-vulnerabilities/about-github-security-advisories). Third-party stakeholders may include the reporter of the issue, affected direct or indirect users of World, and maintainers of upstream dependencies if applicable.
+
+Downstream project maintainers and World users can request participation in coordination of applicable security issues by sending your contact email address, Github username(s) and any other salient information to [[email protected]](mailto:[email protected]). Participation in security issue coordination processes is at the discretion of the World team.
+
+## Security advisories
+
+The project team is committed to transparency in the security issue disclosure process. The World team announces security issues via [project Github Release notes](https://github.com/worldcoin/world-chain/releases) and the [RustSec advisory database](https://github.com/RustSec/advisory-db) (i.e. `cargo-audit`).
+
+
+<!-- Based on https://github.com/tokio-rs/tokio/blob/tokio-1.13.0/SECURITY.md -->