From fda03b836280446c62fcb86adbdbb22bbc0aa88c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9mie=20Astori?= Date: Sun, 14 Jan 2018 20:54:22 -0500 Subject: [PATCH] Add SECURITY guidelines about security vulnerability disclosures, and link them from the CONTRIBUTING guidelines --- CONTRIBUTING.md | 2 ++ SECURITY.md | 9 +++++++++ 2 files changed, 11 insertions(+) create mode 100644 SECURITY.md diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 6f81e8f0..e43f9511 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -9,6 +9,8 @@ your contributions. issues](https://github.com/thelounge/lounge/issues?q=is%3Aissue) to see if this was not already discussed before. If you can't see any, feel free to [open a new issue](https://github.com/thelounge/lounge/issues/new). +- If you think you discovered a security vulnerability, **do not open a public + issue on GitHub.** Refer to our [security guidelines](SECURITY.md) instead. ### I want to contribute to the code diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..d7d17fd6 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,9 @@ +# Responsible Disclosure of Security Vulnerabilities + +- ⚠️ **Do not open public issues on GitHub to report security vulnerabilities.** +- Contact us privately first, in a + [responsible disclosure](https://en.wikipedia.org/wiki/Responsible_disclosure) + manner. +- On IRC, send a private message to any voiced user on our Freenode channel, + `#thelounge`. +- By email, send us your report at .
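Review bot: In the CONTRIBUTING.md hunk, the new "do not open a public issue" bullet is placed after the bullet that ends with the "open a new issue" link, so a reader working down the list reaches the public issue form before reaching the warning. Consider moving the security bullet above that one, or stating the exception in the same bullet as the link. Minor wording: "If you think you discovered" reads better as "If you think you have discovered".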
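Review bot: In the new SECURITY.md, the last bullet reads "By email, send us your report at ." with no address in the text as shown, which leaves the email channel unusable; please confirm the address is present and survives rendering. The IRC bullet sends reporters to "any voiced user" on `#thelounge`; voice is a channel mode rather than a named identity, so listing the specific maintainer nicks would let a reporter check who is receiving the details. The file also does not say what a report should contain or when the reporter can expect an acknowledgement; one sentence on each would help.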