From 0d4aa32725aaf864b2e462221fb858443abfab32 Mon Sep 17 00:00:00 2001 From: Will McCutchen Date: Wed, 19 Mar 2025 08:34:50 -0400 Subject: [PATCH] docs: add security policy --- SECURITY.md | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..1bb89d5 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,48 @@ +# Security Policy + +## Reporting a Vulnerability + +The go-httpbin project takes security issues seriously. We appreciate your +efforts to responsibly disclose your findings and will make every effort to +acknowledge your contributions. + +To report a security vulnerability, please follow these steps: + +1. **Do not** disclose the vulnerability publicly on GitHub issues, + discussions, or elsewhere. + +2. Submit your report via this repo's [New Security Issue][1] page, using + GitHub's built-in security advisory feature + +3. Please include the following information in your report: + - A description of the vulnerability + - Steps to reproduce the issue + - Potential impact of the vulnerability + - Any potential solutions you may have identified + +## Response Process + +- You will receive an acknowledgment of your report through GitHub's security + advisory system. + +- We will investigate the issue and provide updates on our progress through + the advisory. We may ask for additional information or guidance. + +- Once the issue is resolved, we will publicly acknowledge your contribution + (unless you prefer to remain anonymous). + +## Scope + +This security policy applies to the [latest release][2] of go-httpbin. For +older versions, please consider upgrading to the latest release. + +## Support + +go-httpbin is a personal side project. While we take security seriously, +please understand that response times may vary based on the severity of the +reported issue and maintainer availability. + +Thank you for helping keep go-httpbin and its users secure! + +[1]: https://github.com/mccutchen/go-httpbin/security/advisories/new +[2]: https://github.com/mccutchen/go-httpbin/releases