[docs] Update SECURITY.md (#45)

## Description Closes: N/A --- ### Author Checklist *All items are required. Please add a note to the item if the item is not applicable and please add links to any relevant follow up issues.* I have... - [x] included the correct `docs:` prefix in the PR title - [x] targeted the correct branch (see [PR Targeting](https://github.com/atomone-hub/govgen/blob/main/CONTRIBUTING.md#pr-targeting)) - [x] provided a link to the relevant issue or specification - [x] reviewed "Files changed" and left comments if necessary - [x] confirmed all CI checks have passed ### Reviewers Checklist *All items are required. Please add a note if the item is not applicable and please add your handle next to the items reviewed if you only reviewed selected items.* I have... - [ ] Confirmed the correct `docs:` prefix in the PR title - [ ] Confirmed all author checklist items have been addressed - [ ] Confirmed that this PR only changes documentation - [ ] Reviewed content for consistency - [ ] Reviewed content for thoroughness - [ ] Reviewed content for spelling and grammar - [ ] Tested instructions (if applicable) --------- Co-authored-by: Thomas Bruyelle <thomas.bruyelle@tendermint.com>
atomone-hub · Jun 19, 2024 · 9c650a5 · 9c650a5
1 parent d003f88
commit 9c650a5
Showing 1 changed file with 10 additions and 5 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -1,9 +1,14 @@
-## How to Report a Security Bug
+# Security Policy
 
-TBD
+All in Bits strives to contribute toward the security of our ecosystem through internal security practices, and by working with external security researchers from the community.
 
-***Please DO NOT file a public issue in this repository to report a security vulnerability.*** 
+## Reporting a Vulnerability
 
-## Coordinated Vulnerability Disclosure Policy and Safe Harbor
+If you've identified a vulnerability, please report it through one of the following venues:
+* Submit an advisory through GitHub: https://github.com/atomone-hub/govgen/security/advisories/new
+* Email security [at-symbol] tedermint [dot] com. If you are concerned about confidentiality e.g. because of a high-severity issue, you may email us for PGP or Signal contact details.
+* We provide bug bounty rewards through our program at [HackenProof](https://hackenproof.com/all-in-bits). You must report via HackenProof in order to be eligible for rewards.
 
-TBD
+We will respond within 3 business days to all received reports. 
+
+Thank you for helping to keep our ecosystem safe!