diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000000..c8d59365ef --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,16 @@ +# Security Policy + +The InvenTree team take all security vulnerabilities seriously. Thank you for improving the security of our open source software. +We appreciate your efforts and responsible disclosure and will make every effort to acknowledge your contributions. + +## Reporting a Vulnerability + +Please report security vulnerabilities by emailing the InvenTree team at: + +``` +security@inventree.org +``` + +Someone from the InvenTree development team will acknowledge your email as soon as possible, and indicate the next steps in handling your security report. + +The team will endeavour to keep you informed of the progress towards a fix for the issue, and subsequent release to the stable and development code branches.
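Review bot: The "Reporting a Vulnerability" section leaves the reporter without concrete expectations: "as soon as possible" sets no acknowledgement window, and the last paragraph mentions fixes reaching "the stable and development code branches" without saying which released versions are supported. Consider stating a target response time and adding a short supported-versions list. The section also offers only a plain email address, so it would help to add a line asking reporters not to open public issues for vulnerabilities, and to provide a way to send details confidentially (for example a published PGP key for that address).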