Issue #42: Create SECURITY.rst policy

Nekmo · Aug 7, 2023 · ff1c635 · ff1c635
1 parent bc4bc8f
commit ff1c635
Showing 1 changed file with 27 additions and 0 deletions.
diff --git a/SECURITY.rst b/SECURITY.rst
@@ -0,0 +1,27 @@
+Security Policy
+===============
+The following file contains information on how to report security breaches in pip-rating. A security flaw is a bug that
+can be exploited to compromise the security of the system. To report bugs that do not compromise security,
+report `using an issue <https://github.com/Nekmo/pip-rating/actions>`_.
+
+Supported Versions
+------------------
+Currently pip-rating only supports the latest version available. If you find a security flaw in a previous version,
+please report it, but we don't guarantee that it will be fixed with a patch version. However, we will report it to the
+users of the previous version. If the flaw is in the latest version, we will fix it as soon as possible.
+
+Reporting a Vulnerability
+-------------------------
+To report a vulnerability, please send an email to *security [at] nekmo.com* with the following information:
+
+- A description of the vulnerability.
+- The version of pip-rating affected.
+- The steps to reproduce the vulnerability.
+- The possible impact of the vulnerability.
+
+We will try to answer you as soon as possible, but we cannot guarantee a response time. If your vulnerability is
+accepted, we will contact you to keep you informed of the progress of the solution. If it is rejected, we will also
+contact you to explain the reasons. If you do not receive a response within a reasonable time, please contact us again.
+
+All the people who report a vulnerability will be mentioned in the changelog of the version in which it is fixed,
+unless they request otherwise. If you want to remain anonymous, please indicate it in the email.