Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* chore: Create SECURITY.md * Update SECURITY.md
- Loading branch information
Showing
1 changed file
with
17 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
# Security Policy | ||
|
||
## Reporting a Vulnerability | ||
If you discover a security vulnerability within Timber, please submit your report via the link below. Please be mindful of the fact that the maintainers are working on Timber in their free time, so the initial response can take some time. | ||
|
||
### Disclosure Policy | ||
Please do not discuss any vulnerabilities (even resolved ones) without express consent. | ||
|
||
### Submit your report | ||
When you've found a security issue that abides by the rules and scope of this project, please submit the report to us via [Github](https://github.com/timber/timber/security/advisories/new). In your report, make sure to include a detailed guide on how to reproduce the issue. | ||
|
||
### After your submission | ||
We will make a best effort to meet the following response targets for security reports: | ||
|
||
- Time to first response (from report submit) - 5 business days | ||
- Time to triage (from report submit) - 10 business days | ||
- Time to fix (from triage) - 15 business days |