chore(security): add responsible disclosure policy

HospitalRun · Jul 9, 2020 · 5959f45 · 5959f45 · vercel · Jul 9, 2020
1 parent 8b5907d
commit 5959f45
Showing 1 changed file with 21 additions and 0 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,21 @@
+# Responsible Disclosure Policy
+
+A responsible disclosure policy helps protect the project and its users from security vulnerabilities discovered in the project’s scope by employing a process where vulnerabilities are publicly disclosed after a reasonable time period to allow patching the vulnerability. 
+
+All security bugs are taken seriously and are considered as top priority. 
+Your efforts to responsibly disclose your findings are appreciated and will be taken into account to acknowledge your contributions.
+
+## Supported Versions
+
+This versions of HospitalRun project are currently being supported with security updates.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 2.0.0   | :white_check_mark: |
+| 1.0.0-beta   | :x:           |
+
+## Reporting a Vulnerability
+
+Report security bugs by opening a new [Security Issue](https://github.com/HospitalRun/hospitalrun-frontend/issues/new?template=security.md). You can also report a vulnerability by emailing [email protected].
+
+Report security bugs in third-party modules to the maintainer or team maintaining the module.