Create SECURITY.md

mastercomfig · Aug 6, 2019 · f21ef37 · f21ef37
1 parent 7c772b5
commit f21ef37
Showing 1 changed file with 28 additions and 0 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,28 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 6.14.x  | :white_check_mark: |
+| 7.x.x   | :x:                |
+| < 6.14.x| :x:                |
+
+## Reporting a Vulnerability
+
+If you find a security vulnerability in the download of the config, execution of the config,
+or something else, contact mastercoms through email directly: mastercoms@tuta.io.
+
+If you have a solution for the issue, attach it as a patch file to the email.
+
+You can expect a reply within 24 hours of your report with the next steps of action
+regarding the vulnerability. This may include a request to submit a pull request to
+resolve the vulnerability if applicable.
+
+You should not disclose the vulnerability publicly unless you have not received a response after 1 month.
+
+If the vulnerability is declined, you may post it publicly after 48 hours of its declination, unless the
+declination is retracted within that time period.
+
+On the vulnerability being fixed, you may also disclose the vulnerability publicly after 1 week of the
+fix being deployed.