Add a SECURITY.md file pointing to our RFC 9116

To date we have had help from 10 or so security researchers, lets keep advertising this file as a standard point of contact for people wanting to help improve the security of IRF Uppsala, our infrastructure, our codebase and our users (external as well as internal).
irfu · Jan 24, 2023 · 684261e · 684261e
1 parent 27897fa
commit 684261e
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: "v4.2.0"
+    rev: "v4.4.0"
     hooks:
       - id: check-yaml
       - id: check-symlinks

diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,7 @@
+# No explicit security policy for `ovt` alone.
+
+Thanks for taking the time to have a look at our security policy. We strive to take your concern seriously.
+
+However we do not currently have one security policy specific for only `ovt`, and we therefor recommend you instead have a look at the [security.txt](https://www.irfu.se/.well-known/security.txt). This `security.txt` file is defined as per [RFC 9116](https://www.rfc-editor.org/rfc/rfc9116.html).
+
+Note: Our [IRFU.se security.txt](https://www.irfu.se/.well-known/security.txt) file is for IRF Uppsala (covering things like: `irfu.se`, `*.irfu.se`, `irfu-matlab`, etc.), however if you have found a security problem at our headquarters at IRF Kiruna (irf.se), then please have a look at their [IRF.se security.txt](https://www.irf.se/.well-known/security.txt) file instead.