chore: security.txt (#146)

* chore: security.txt * Update SECURITY.md Co-authored-by: Livio Spring <[email protected]> * Update SECURITY.md Co-authored-by: Livio Spring <[email protected]> * format Co-authored-by: Livio Spring <[email protected]>
zitadel · Oct 17, 2022 · c7f6306 · c7f6306
1 parent 0652b4b
commit c7f6306
Showing 1 changed file with 43 additions and 0 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,43 @@
+# Security Policy
+
+At ZITADEL we are extremely grateful for security aware people that disclose vulnerabilities to us and the open source community. All reports will be investigated by our team.
+
+## Supported Versions
+
+After the initial Release the following version support will apply
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 0.x.x   | :white_check_mark: |
+| 1.x.x   | :white_check_mark: |
+| 2.x.x   | :white_check_mark: |
+
+## Reporting a vulnerability
+
+To file a incident, please disclose by email to [email protected] with the security details.
+
+At the moment GPG encryption is no yet supported, however you may sign your message at will.
+
+### When should I report a vulnerability
+
+* You think you discovered a ...
+  * ... potential security vulnerability in the SDK
+  * ... vulnerability in another project that this SDK bases on
+* For projects with their own vulnerability reporting and disclosure process, please report it directly there
+
+### When should I NOT report a vulnerability
+
+* You need help applying security related updates
+* Your issue is not security related
+
+## Security Vulnerability Response
+
+TBD
+
+## Public Disclosure
+
+All accepted and mitigated vulnerability's will be published on the [Github Security Page](https://github.com/zitadel/zitadel-go/security/advisories)
+
+### Timing
+
+We think it is crucial to publish advisories `ASAP` as mitigation's are ready. But due to the unknown nature of the disclosures the time frame can range from 7 to 90 days.