From 281f1f8ecf04fe2e196c8ab888d8c73497d8fd78 Mon Sep 17 00:00:00 2001 From: anish-devgit Date: Tue, 13 Jan 2026 18:15:36 +0530 Subject: [PATCH] Add Security Policy (Issue #187) Fixes #187. Adds SECURITY.md to the repository root with vulnerability disclosure instructions. Signed-off-by: anish-devgit --- SECURITY.md | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..7a2bc17 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,34 @@ +# Security Policy + +AboutCode.org and the nexB Inc. team take the security of our software products and services seriously. + +## Supported Versions + +We generally support the latest major version of our software. Please check the specific repository's `README.md` or release notes for detailed version support information. + +## Reporting a Vulnerability + +If you find a security vulnerability in any of our projects, please report it to us as soon as possible. + +**Do not report security vulnerabilities through public GitHub issues.** + +Instead, please report them via email to **security@aboutcode.org**. + +Please include as much information as possible in your report, including: +* The project and version affected. +* A description of the vulnerability. +* Steps to reproduce the issue (proof-of-concept code is helpful). +* The potential impact of the vulnerability. + +### Response Timeline + +We will acknowledge receipt of your report within 48 hours. We strive to fix valid critical vulnerabilities as quickly as possible and will keep you updated on our progress. + +## Best Practices + +We encourage security researchers to follow responsible disclosure practices: +* Give us reasonable time to fix the issue before making it public. +* Do not exploit the vulnerability to access or manipulate user data. +* Respect the privacy of our users. + +Thank you for helping keep the open source community secure!
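Review bot: The "Response Timeline" section commits only to acknowledging a report within 48 hours, while the "Best Practices" section asks researchers to "Give us reasonable time to fix the issue before making it public" without defining what reasonable means; a reporter reading this policy cannot tell when coordinated publication is acceptable. Suggest stating an explicit coordinated-disclosure window and a triage target after acknowledgment, for example: "We aim to confirm or reject the report within N business days and to publish a fix within N days of confirmation; please coordinate public disclosure with us before that date." (with N chosen by the maintainers). Two smaller points in the same hunk: since the policy lives in a single repository but says "Please check the specific repository's `README.md`", consider whether it is meant to be the organization-wide policy (GitHub picks up a `SECURITY.md` from an organization's `.github` repository for all repositories that lack one) and word the "Supported Versions" section accordingly; and since the only reporting channel is plain email, consider documenting a way to send the report confidentially (a published PGP key or GitHub's private vulnerability reporting), as proof-of-concept code is explicitly requested and would otherwise travel in cleartext.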