From 107fd6afbb60a82426a296741a5a4b8505357b0c Mon Sep 17 00:00:00 2001 From: "Bruno P. Kinoshita" Date: Sat, 5 Aug 2023 12:54:49 +0200 Subject: [PATCH] Add SECURITY.MD file --- SECURITY.md | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..21093d904 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,38 @@ +# Security Policies and Procedures + +This document outlines security procedures and general policies for the +Autosubmit project. + + * [Reporting Security Issues](#reporting-security-issues) + * [Preferred Languages](#preferred-languages) + * [Policy](#policy) + +## Reporting Security Issues + +**Please do NOT report security vulnerabilities through public issues.** + +The Autosubumit maintainers take security bugs seriously. Thank you for +improving the security of Autosubumit. We appreciate your efforts and responsible +disclosure and will make every effort to acknowledge your contributions. + +If you believe you have found a security vulneratibility in Autosubmit, +please report it by sending an email to +support-autosubmit@bsc.es. + +## Preferred Languages + +All communications are preffered to be in English, Spanish, or Catalan. + +## Policy + +When the Autosubmit maintainers receive a security bug report, they will +assign it to a primary handler. This person will coordinate the fix and +release process as follows: + +* Confirm the problem and determine the affected versions. +* Audit code to find any potential similar problems. +* Prepare fixes for all releases still under maintenance. +* Cut new releases as soon as possible. + +CVE's may also be issued depending on the risk level, with credit to +the reporter. -- GitLab
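Review bot: The new SECURITY.md text has several spelling errors in the Reporting Security Issues, Preferred Languages and Policy sections that should be fixed before merge. "Autosubumit" appears twice and should be "Autosubmit", "vulneratibility" should be "vulnerability", "preffered" should be "preferred", and "CVE's" should be "CVEs". The commit subject also says SECURITY.MD while the file created is SECURITY.md. In the Policy section, the list covers what the primary handler does (confirm, audit, fix, release) but never says when the reporter will hear back; consider adding an item stating that the report will be acknowledged and within what time, so that someone emailing support-autosubmit@bsc.es knows what to expect.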