diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000000000000000000000000000000000000..21093d904a354f202fdcb4f02ade2b8e1d388488 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,38 @@ +# Security Policies and Procedures + +This document outlines security procedures and general policies for the +Autosubmit project. + + * [Reporting Security Issues](#reporting-security-issues) + * [Preferred Languages](#preferred-languages) + * [Policy](#policy) + +## Reporting Security Issues + +**Please do NOT report security vulnerabilities through public issues.** + +The Autosubumit maintainers take security bugs seriously. Thank you for +improving the security of Autosubumit. We appreciate your efforts and responsible +disclosure and will make every effort to acknowledge your contributions. + +If you believe you have found a security vulneratibility in Autosubmit, +please report it by sending an email to +support-autosubmit@bsc.es. + +## Preferred Languages + +All communications are preffered to be in English, Spanish, or Catalan. + +## Policy + +When the Autosubmit maintainers receive a security bug report, they will +assign it to a primary handler. This person will coordinate the fix and +release process as follows: + +* Confirm the problem and determine the affected versions. +* Audit code to find any potential similar problems. +* Prepare fixes for all releases still under maintenance. +* Cut new releases as soon as possible. + +CVE's may also be issued depending on the risk level, with credit to +the reporter.
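Review bot: The "Reporting Security Issues" section misspells the project name as "Autosubumit" twice (in "The Autosubumit maintainers take security bugs seriously" and "improving the security of Autosubumit") and has "vulneratibility" for "vulnerability". "Preferred Languages" has "preffered", and "CVE's" in the last paragraph of "Policy" should be "CVEs". Since this file is the first thing a reporter reads, these are worth fixing before merge. Two content gaps in the same hunk: the "Policy" section lists what the primary handler does but gives no timeframe in which a reporter can expect an acknowledgement, and the reporting paragraph gives only the address support-autosubmit@bsc.es without saying what a report should contain. Suggest adding an expected acknowledgement window and a short list of what to include (affected version, steps to reproduce, impact) so reports arrive actionable and reporters know when to follow up.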