Create SECURITY.md for security policy #2
Added a security policy outlining supported versions and vulnerability reporting.
@EthanCoderPenguin2012 is attempting to deploy a commit to the Ben's projects Team on Vercel. A member of the Team first needs to authorize it.
Pull request overview
This PR establishes a security policy for the project by adding a SECURITY.md file. The file provides a template structure for documenting supported versions and the process for reporting security vulnerabilities.
Key Changes
- Added SECURITY.md with a supported versions table showing which project versions receive security updates
- Included a reporting section for vulnerability disclosure procedures
| Use this section to tell people about which versions of your project are | ||
| currently being supported with security updates. |
Copilot
AI
Dec 12, 2025
The placeholder instructional text should be replaced with actual information about which versions are supported. This template content does not provide actionable information to users.
| Use this section to tell people how to report a vulnerability. | ||
|
|
||
| Tell them where to go, how often they can expect to get an update on a | ||
| reported vulnerability, what to expect if the vulnerability is accepted or | ||
| declined, etc. |
Copilot
AI
Dec 12, 2025
The placeholder instructional text should be replaced with actual vulnerability reporting procedures, including contact information, expected response times, and the security disclosure process.
| Use this section to tell people how to report a vulnerability. | |
| Tell them where to go, how often they can expect to get an update on a | |
| reported vulnerability, what to expect if the vulnerability is accepted or | |
| declined, etc. | |
| To report a security vulnerability, please email our security team at [[email protected]](mailto:[email protected]). If you prefer, you may use our secure reporting form at [https://example.com/security-report](https://example.com/security-report). | |
| We aim to acknowledge your report within 3 business days and provide a more detailed response within 7 business days, including our assessment of the issue and an expected timeline for resolution. | |
| Once a vulnerability is confirmed, we will work with you to address the issue and keep you informed of our progress. After the vulnerability is resolved, we will notify you before public disclosure, unless you request otherwise. If the report is declined, we will provide a clear explanation. |
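Review bot: The suggested reporting line points to a form at https://example.com/security-report, and example.com is a reserved documentation domain, so as written it gives reporters no working channel. Replace that URL with a project-owned reporting path, and confirm the e-mail address in the same line is a mailbox the maintainers monitor, before this is merged. The "3 business days" and "7 business days" commitments in the following line should also be checked against what the maintainers can actually meet.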