Commit f984ff0

Revise vulnerability reporting guidelines
Updated the reporting process for security vulnerabilities.
1 parent e1ca4c3 commit f984ff0

1 file changed

Lines changed: 14 additions & 2 deletions

SECURITY.md

@@ -7,8 +7,20 @@ We release patches and security updates for the following versions:
77
| ------- | ------------------ |
88
| main | ✅ (active) |
99

10+
---
11+
1012
## Reporting a Vulnerability
11-
If you discover a security vulnerability, please do not open a public issue.
13+
If you discover a security vulnerability, **please do not open a public issue**.
1214
Instead, report it privately by emailing us at **info@opencodechicago.org**.
1315

14-
We will review and respond as quickly as possible. Responsible disclosure is greatly appreciated.
16+
### What to include
17+
- Description of the issue
18+
- Steps to reproduce (if possible)
19+
- Any known impact or severity
20+
21+
### Our process
22+
- We will acknowledge receipt of your report within **5 business days**.
23+
- We will investigate and aim to provide a fix or mitigation as quickly as possible.
24+
- Please do not publicly disclose the issue until a fix is released.
25+
26+
Responsible disclosure is greatly appreciated and helps keep the community safe.
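
Review bot: In the added "Our process" list, the item "Please do not publicly disclose the issue until a fix is released" sets no upper bound on the embargo, while the only concrete commitment is the 5-business-day acknowledgment; "as quickly as possible" gives a reporter nothing to plan around. Suggest stating a target remediation or coordinated-disclosure window and saying what happens if it lapses. Two smaller points: "What to include" should also ask for the affected version or commit, since the table above lists only `main` as supported, and the unchanged contact line still sends reports to an info@ address, with no encrypted or access-restricted option offered in the visible text, which is worth addressing in the same revision.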
