thelounge/SECURITY.md

# Responsible Disclosure of Security Vulnerabilities

- ⚠️ **Do not open public issues on GitHub to report security vulnerabilities.**
- Contact us privately first, in a
  [responsible disclosure](https://en.wikipedia.org/wiki/Responsible_disclosure)
  manner.
- On IRC, send a private message to any voiced user on our Freenode channel,
  `#thelounge`.
- By email, send us your report at <security@thelounge.chat>.
Add SECURITY guidelines about security vulnerability disclosures, and link them from the CONTRIBUTING guidelines 2018-01-15 02:54:22 +01:00			`# Responsible Disclosure of Security Vulnerabilities`

			`- ⚠️ Do not open public issues on GitHub to report security vulnerabilities.`
			`- Contact us privately first, in a`
			`[responsible disclosure](https://en.wikipedia.org/wiki/Responsible_disclosure)`
			`manner.`
			`- On IRC, send a private message to any voiced user on our Freenode channel,`
			`#thelounge`.
Remove mailto: part of security email address This actually displays `send us your report at mailto:security@thelounge.chat.`. Also, it's optional and Markdown renderer adds it when rendering to a `<a>` link. 2018-03-12 08:54:10 +01:00			`- By email, send us your report at <security@thelounge.chat>.`