scorecard/SECURITY.md

# Reporting Security Issues

To report a security issue, please email
[oss-security@googlegroups.com](mailto:oss-security@googlegroups.com)
with a description of the issue, the steps you took to create the issue,
affected versions, and, if known, mitigations for the issue.

Our vulnerability management team will respond within 3 working days of your
email. If the issue is confirmed as a vulnerability, we will open a
Security Advisory and acknowledge your contributions as part of it. This project
follows a 90 day disclosure timeline.
Add SECURITY.md Based on template from Anne. Fixes https://github.com/ossf/scorecard/issues/165 2021-02-13 22:37:08 +03:00			`# Reporting Security Issues`

			`To report a security issue, please email`
			`[oss-security@googlegroups.com](mailto:oss-security@googlegroups.com)`
			`with a description of the issue, the steps you took to create the issue,`
			`affected versions, and, if known, mitigations for the issue.`

			`Our vulnerability management team will respond within 3 working days of your`
			`email. If the issue is confirmed as a vulnerability, we will open a`
			`Security Advisory and acknowledge your contributions as part of it. This project`
			`follows a 90 day disclosure timeline.`