From b6cac0c6aa03c476a06092862bc4313243174ed2 Mon Sep 17 00:00:00 2001 From: Martin von Zweigbergk Date: Fri, 10 Mar 2023 10:59:37 -0800 Subject: [PATCH] docs: add a SECURITY.md I've set up a jj-security@googlegroups.com list. The template comes from Google's internal web. I have no experience with GitHub's Security Advisory database, but it seems like a good practice, so let's use it. --- SECURITY.md | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..ccf765629 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,7 @@ +To report a security issue, please +email [Jujutsu VCS Security](jj-security@googlegroups.com) +with a description of the issue, the steps you took to create the issue, +affected versions, and, if known, mitigations for the issue. Our vulnerability +management team will respond within 3 working days of your email. If the issue +is confirmed as a vulnerability, we will open a Security Advisory. This project +follows a 90 day disclosure timeline.
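Review bot: In the second added line of SECURITY.md, the link target `jj-security@googlegroups.com` has no `mailto:` scheme, so a Markdown renderer will resolve it as a relative path in the repository instead of an e-mail address. Suggest `[Jujutsu VCS Security](mailto:jj-security@googlegroups.com)` or the autolink form `<jj-security@googlegroups.com>`. The closing sentence also does not say when the 90 day disclosure timeline starts (on receipt of the report or on confirmation as a vulnerability), and "we will open a Security Advisory" does not say where; naming both would tell reporters what to expect.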