diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..1bb9f40 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,19 @@ + +**Reporting Security Issues** + +Please refrain from reporting security vulnerabilities through public GitHub issues. + +Instead, kindly report them via the information provided in [cloud.gov's security.txt](https://cloud.gov/.well-known/security.txt). + +When reporting, include the following details (as much as possible) to help us understand the nature and extent of the potential issue: + +- Type of issue (e.g., buffer overflow, SQL injection, cross-site scripting, etc.) +- Full paths of related source file(s) +- Location of affected source code (tag/branch/commit or direct URL) +- Any special configuration required to reproduce the issue +- Step-by-step instructions to reproduce the issue +- Proof-of-concept or exploit code (if available) +- Impact of the issue, including potential exploitation by attackers + +Providing this information will facilitate a quicker triage of your report. +