Add SECURITY.md (#254)

erlef · Sep 25, 2023 · 2d1c851 · 2d1c851
1 parent 1769648
commit 2d1c851
Showing 1 changed file with 22 additions and 0 deletions.
diff --git a/.github/SECURITY.md b/.github/SECURITY.md
@@ -0,0 +1,22 @@
+# Security Policy
+
+[![OpenSSF Vulnerability Disclosure](https://img.shields.io/badge/OpenSSF-Vulnerability_Disclosure-green)](https://github.com/ossf/oss-vulnerability-guide/blob/main/finder-guide.md)
+[![GitHub Report](https://img.shields.io/badge/GitHub-Security_Advisories-blue)](https://github.com/erlef/oidcc/security/advisories/new)
+[![Email Report](https://img.shields.io/badge/Email-security%40erlef.org-blue)](mailto:[email protected])
+
+This repository follows the
+[OpenSSF Vulnerability Disclosure guide](https://github.com/ossf/oss-vulnerability-guide/tree/main).
+You can learn more about it in the
+[Finders Guide](https://github.com/ossf/oss-vulnerability-guide/blob/main/finder-guide.md).
+
+Please report vulnerabilities via the
+[GitHub Security Vulnerability Reporting](https://github.com/erlef/oidcc/security/advisories/new)
+or via email to [`[email protected]`](mailto:[email protected]) if this does
+not work for you.
+
+Our vulnerability management team will respond within 3 working days of your
+report. If the issue is confirmed as a vulnerability, we will open a Security
+Advisory. This project follows a 90 day disclosure timeline.
+
+If you have questions about reporting security issues, email the vulnerability
+management team: [`[email protected]`](mailto:[email protected])