BUILD-6088 Create SECURITY.md

SonarSource · Sep 13, 2024 · c70b0ef · c70b0ef
1 parent 4a8c536
commit c70b0ef
Showing 1 changed file with 24 additions and 0 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,24 @@
+# Reporting Security Issues
+
+A mature software vulnerability treatment process is a cornerstone of a robust
+information security management system.
+Contributions from the community play an important role in the evolution and
+security of our products, and in safeguarding
+the security and privacy of our users.
+
+If you believe you have discovered a security vulnerability in Sonar's products,
+we encourage you to report it immediately.
+
+To responsibly report a security issue, please email us at [[email protected]](mailto:[email protected]).
+Sonar’s security team will acknowledge your report, guide you through the next
+steps, or request additional information if necessary.
+Customers with a support contract can also report the vulnerability directly
+through the support channel.
+
+For security vulnerabilities found in third-party libraries, please also contact
+the library's owner or maintainer directly.
+
+## Responsible Disclosure Policy
+
+For more information about disclosing a security vulnerability to Sonar, please
+refer to our community post: [Responsible Vulnerability Disclosure](https://community.sonarsource.com/t/responsible-vulnerability-disclosure/9317/).