chore: governance: add security policy (#689)

EightfoldAI · Aug 16, 2023 · fff6630 · fff6630
1 parent a724f80
commit fff6630
Showing 1 changed file with 33 additions and 0 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,33 @@
+<!-- BEGIN EIGHTFOLD OCTUPLE SECURITY.MD V0.0.1 BLOCK -->
+
+## Security
+
+If you believe you have found a security vulnerability in the [Octuple GitHub repository](https://github.com/EightfoldAI/octuple), please report it to us as described below.
+
+## Reporting Security Issues
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+Instead, send an email to [security@eightfold.ai](mailto:security@eightfold.ai).  You should receive a response within 7 days. If for some reason you do not, please follow up via email to ensure we received your original message. 
+
+Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
+
+  * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
+  * Full paths of source file(s) related to the manifestation of the issue
+  * The location of the affected source code (tag/branch/commit or direct URL)
+  * Any special configuration required to reproduce the issue
+  * Step-by-step instructions to reproduce the issue
+  * Proof-of-concept or exploit code (if possible)
+  * Impact of the issue, including how an attacker might exploit the issue
+
+This information will help us triage your report more quickly.
+
+## Preferred Languages
+
+We prefer all communications to be in English.
+
+## Policy
+
+Click on the Security tab to learn more at [https://eightfold.ai/solutions/governance/](https://eightfold.ai/solutions/governance/).
+
+<!-- END EIGHTFOLD OCTUPLE SECURITY.MD BLOCK -->