chore: Create SECURITY.md (#2939)

* chore: Create SECURITY.md * Update SECURITY.md
timber · Mar 11, 2024 · be36065 · be36065
1 parent 97010c4
commit be36065
Showing 1 changed file with 17 additions and 0 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,17 @@
+# Security Policy
+
+## Reporting a Vulnerability
+If you discover a security vulnerability within Timber, please submit your report via the link below. Please be mindful of the fact that the maintainers are working on Timber in their free time, so the initial response can take some time.
+
+### Disclosure Policy
+Please do not discuss any vulnerabilities (even resolved ones) without express consent.
+
+### Submit your report
+When you've found a security issue that abides by the rules and scope of this project, please submit the report to us via [Github](https://github.com/timber/timber/security/advisories/new). In your report, make sure to include a detailed guide on how to reproduce the issue.
+
+### After your submission
+We will make a best effort to meet the following response targets for security reports:
+
+- Time to first response (from report submit) - 5 business days
+- Time to triage (from report submit) - 10 business days
+- Time to fix (from triage) - 15 business days