From e3034ba0cb0db6c35c649bf436a63cbd0b76d0d0 Mon Sep 17 00:00:00 2001 From: Georges-Antoine Assi Date: Sun, 27 Aug 2023 09:56:21 -0400 Subject: [PATCH] Add a SECURITY.md policy --- SECURITY.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..399020d0f --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,21 @@ +Thanks for helping make RomM safer for everyone. + +## Reporting Security Issues + +If you believe you have found a security vulnerability in RomM, please report it to us through coordinated disclosure. + +**Do not report security vulnerabilities through public GitHub issues, discussions, pull requests, or on our public Discord server.** + +Instead, use the [vulnerability report form](https://github.com/zurdi15/romm/security/advisories/new) on GitHub. + +Please include as much of the information listed below as you can to help us better understand and resolve the issue: + +- The type of issue (e.g., permission bypass, remote code execution, etc.) +- Full paths of source file(s) related to the manifestation of the issue +- The location of the affected source code (tag/branch/commit or direct URL) +- Any special configuration required to reproduce the issue +- Step-by-step instructions to reproduce the issue +- Proof-of-concept or exploit code (if possible) +- Impact of the issue (including how an attacker might exploit the issue) + +This information will help us investigate and patch the issue more quickly.