Skip to content

Commit

Permalink
docs: add security.md
Browse files Browse the repository at this point in the history 
Signed-off-by: Asra Ali <[email protected]>
  • Loading branch information
@asraa @trishankatdatadog
asraa authored and trishankatdatadog committed Oct 12, 2022
1 parent 6f22146 commit 1dbbfbb
Showing 1 changed file with 19 additions and 0 deletions.
19 changes: 19 additions & 0 deletions docs/SECURITY.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
# Security Policy

The go-tuf community is committed to maintaining a reliable and consistent TUF client implementation. If you believe you have identified a security issue in go-tuf's client protocol, please follow these guidelines for responsible disclosure.

## Supported Versions

You may report issues for the most recent version of go-tuf. We will not retroactively make changes to older versions.

## Reporting a Vulnerability

If you discover a potential security issue in this project we ask that you notify the go-tuf maintainers via our [vulnerability reporting form](https://forms.gle/ShM4s3mLbUAx5QHo8). At the minimum, the report must contain the following:
* A description of the issue.
* Instructions to reproduce the issue.

Please do **not** create a public GitHub issue to submit vulnerability reports. The GitHub issue tracker is intended for bug reports and feature requests. Major feature requests, such as design changes to the specification, should be proposed via a [TUF Augmentation Protocol](https://theupdateframework.github.io/specification/latest/#tuf-augmentation-proposal-tap-support) (TAP).

## Disclosure

This project follows a 90 day disclosure timeline.

0 comments on commit 1dbbfbb

Please sign in to comment.