Clarified disclaimer and added security policy file.

OWASP · Jun 11, 2021 · 46ecb44 · 46ecb44
1 parent f2d0696
commit 46ecb44
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 18 deletions.
diff --git a/MANIFEST.in b/MANIFEST.in
@@ -2,6 +2,8 @@
 include ChangeLog.md
 include COPYING
 include README.md
+include SECURITY.md
+
 include requirements.txt
 include requirements-docs.txt
 include requirements-examples.txt

diff --git a/README.md b/README.md
@@ -80,19 +80,8 @@ Documentation is available at [Read the Docs](https://pysap.readthedocs.io/en/la
 License
 -------
 
-This library is distributed under the GPLv2 license. Check the `COPYING` file for
-more details.
-
-
-Disclaimer
-----------
-
-The spirit of this open source initiative is hopefully to help the community to
-alleviate some of the hindrances associated with the implementation of
-networking protocols and stacks, aiming at speeding up research and educational
-activities. By no means this package is meant to be used in production
-environments / commercial products. If so, we would advise to include it into a
-proper SDLC process.
+This library is distributed under the GPLv2 license. Check the [COPYING](COPYING)
+file for more details.
 
 
 Authors
@@ -124,10 +113,28 @@ Contributions made by:
   * Andreas Hornig
   * Jennifer Hornig ([@gloomicious](https://github.com/gloomicious))
 
+Disclaimer
+----------
 
-Contact
--------
+The spirit of this Open Source initiative is to help security researchers,
+and the community, speed up research and educational activities related to
+the implementation of networking protocols and stacks.
+
+The information in this repository is for research and educational purposes
+only and is not intended to be used in production environments and/or as part
+of commercial products.
+
+If you desire to use this tool or some part of it for your own uses, we
+recommend applying proper security development life cycle and secure coding
+practices, as well as generate and track the respective indicators of
+compromise according to your needs.
+
+
+Contact Us
+----------
+
+Whether you want to report a bug, send a patch, or give some suggestions
+on this package, drop us a few lines at oss@secureauth.com.
+
+For security-related questions check our [security policy](SECURITY.md).
 
-Whether you want to report a bug or give some suggestions on this package, drop
-us a few lines at `oss@secureauth.com` or contact the author email
-`mgallo@secureauth.com`.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,7 @@
+Security Policy
+===============
+
+Although this initiative is not meant to be used in productive environments,
+if you consider that you have identified an issue that might affect the
+security of its users, or you understand that the tool is being abused,
+you can contact us at oss-security@secureauth.com.