From 0ec30cc73a2404cd596264e62c6343f12a5f9959 Mon Sep 17 00:00:00 2001
From: Mingshen Sun <bob@mssun.me>
Date: Fri, 11 Dec 2020 14:08:41 -0800
Subject: [PATCH] Add instruction to report security issue in the community
 page

---
 COMMUNITY.md | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/COMMUNITY.md b/COMMUNITY.md
index 9f04d121e..28097e47e 100644
--- a/COMMUNITY.md
+++ b/COMMUNITY.md
@@ -33,6 +33,13 @@ we aim to create a project that is maintained and owned by the community. All
 kinds of contributions are welcome. Read this [document](CONTRIBUTING.md) to
 learn more about how to contribute. Huge thanks to our [contributors](CONTRIBUTORS.md).
 
+## Reporting a Vulnerability
+
+We take a very active stance in eliminating security problems in Teaclave. We
+strongly encourage folks to report such problems to our private mailing list
+first ([private@teaclave.apache.org](mailto:private@teaclave.apache.org)),
+before disclosing them in a public forum.
+
 ## Organizations and Projects
 
 Apache Teaclave (including the platform and SGX SDK) is being used and actively