Add SECURITY guidelines about security vulnerability disclosures, and link them from the CONTRIBUTING guidelines

This commit is contained in:
Jérémie Astori 2018-01-14 20:54:22 -05:00
parent 7a691b8e6c
commit fda03b8362
No known key found for this signature in database
GPG Key ID: B9A4F245CD67BDE8
2 changed files with 11 additions and 0 deletions

View File

@ -9,6 +9,8 @@ your contributions.
issues](https://github.com/thelounge/lounge/issues?q=is%3Aissue) to see if issues](https://github.com/thelounge/lounge/issues?q=is%3Aissue) to see if
this was not already discussed before. If you can't see any, feel free to this was not already discussed before. If you can't see any, feel free to
[open a new issue](https://github.com/thelounge/lounge/issues/new). [open a new issue](https://github.com/thelounge/lounge/issues/new).
- If you think you discovered a security vulnerability, **do not open a public
issue on GitHub.** Refer to our [security guidelines](SECURITY.md) instead.
### I want to contribute to the code ### I want to contribute to the code

9
SECURITY.md Normal file
View File

@ -0,0 +1,9 @@
# Responsible Disclosure of Security Vulnerabilities
- ⚠️ **Do not open public issues on GitHub to report security vulnerabilities.**
- Contact us privately first, in a
[responsible disclosure](https://en.wikipedia.org/wiki/Responsible_disclosure)
manner.
- On IRC, send a private message to any voiced user on our Freenode channel,
`#thelounge`.
- By email, send us your report at <mailto:security@thelounge.chat>.