Merge pull request #84 from tacaswell/gov_security

tacaswell · web-flow · commit 54e9a8e16b06 · 2022-11-01T13:59:11.000-04:00
GOV: add security reporting policy
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,14 @@
+# Security Policy
+
+
+## Reporting a Vulnerability
+
+
+To report a security vulnerability, please use the [Tidelift security
+contact](https://tidelift.com/security).  Tidelift will coordinate the fix and
+disclosure.
+
+If you have found a security vulnerability, in order to keep it confidential,
+please do not report an issue on GitHub.
+
+We do not award bounties for security vulnerabilities.
