Merge pull request #1984 from thelounge/astorije/vulnerability-disclosure

Add SECURITY guidelines about security vulnerability disclosures, and link them from the CONTRIBUTING guidelines
This commit is contained in:
Pavel Djundik 2018-01-16 10:35:12 +02:00 committed by GitHub
commit 33de4840c6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 11 additions and 0 deletions

View File

@ -9,6 +9,8 @@ your contributions.
issues](https://github.com/thelounge/lounge/issues?q=is%3Aissue) to see if
this was not already discussed before. If you can't see any, feel free to
[open a new issue](https://github.com/thelounge/lounge/issues/new).
- If you think you discovered a security vulnerability, **do not open a public
issue on GitHub.** Refer to our [security guidelines](SECURITY.md) instead.
### I want to contribute to the code

9
SECURITY.md Normal file
View File

@ -0,0 +1,9 @@
# Responsible Disclosure of Security Vulnerabilities
- ⚠️ **Do not open public issues on GitHub to report security vulnerabilities.**
- Contact us privately first, in a
[responsible disclosure](https://en.wikipedia.org/wiki/Responsible_disclosure)
manner.
- On IRC, send a private message to any voiced user on our Freenode channel,
`#thelounge`.
- By email, send us your report at <mailto:security@thelounge.chat>.