From 0a0d151f15f4869db7b887b4c076b3e3d3baace8 Mon Sep 17 00:00:00 2001 From: Oliver Date: Tue, 14 Jun 2022 08:09:51 +1000 Subject: [PATCH] Add security.md (#3190) * Create SECURITY.md Add a security disclosure policty document (cherry picked from commit 35b7d51cf20b2e80ddbb7a337e8ab472a6f36300) * Adds desired target for resolution (cherry picked from commit 828163848aedd40d5007f1830fcd0fc800647841) --- SECURITY.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000000..a05e6e8701 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,17 @@ +# Security Policy + +The InvenTree team take all security vulnerabilities seriously. Thank you for improving the security of our open source software. +We appreciate your efforts and responsible disclosure and will make every effort to acknowledge your contributions. + +## Reporting a Vulnerability + +Please report security vulnerabilities by emailing the InvenTree team at: + +``` +security@inventree.org +``` + +Someone from the InvenTree development team will acknowledge your email as soon as possible, and indicate the next steps in handling your security report. + + +The team will endeavour to keep you informed of the progress towards a fix for the issue, and subsequent release to the stable and development code branches. Where possible, the issue will be resolved within 90 dates of reporting.