ENGCOM-5189: Create Security.md file to show on GitHub Security/Policy page #23067

magento-engcom-team · magento-engcom-team · commit 89432898c232 · 2019-05-30T14:31:27.000-05:00
- Merge Pull Request #23067 from piotrekkaminski/magento2:piotrekkaminski-patch-securitypolicy - Merged commits: 1. 6bac9b9
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,10 @@
+# Reporting Security Issues
+
+Magento values the contributions of the security research community, and we look forward to working with you to minimize risk to Magento merchants. 
+
+## Where should I report security issues?
+
+We strongly encourage you to report all security issues privately via our [bug bounty program](https://hackerone.com/magento).  Please provide us with relevant technical details and repro steps to expedite our investigation.  If you prefer not to use HackerOne, email us directly at `psirt@adobe.com` with details and repro steps.  
+
+## Learning More About Security
+To learn more about securing a Magento store, please visit the [Security Center](https://magento.com/security).
