django · SaptakS · May 30, 2025 · Oct 2, 2025 · Stormheg · Oct 2, 2025
diff --git a/.github/SECURITY.md b/.github/SECURITY.md
@@ -0,0 +1,34 @@
+# Security Policies and Procedures
+
+This document outlines security procedures and general policies for the Django website (`djangoproject.com`) and Django documentation(`docs.djangoproject.com`). This is separate from [Django's security policies](https://docs.djangoproject.com/en/dev/internals/security/).
+
+- [Reporting a Bug](#reporting-a-bug)
+- [Reporting Guidelines](#reporting-guidelines)
+- [Disclosure Policy](#disclosure-policy)
+- [Comments on this Policy](#comments-on-this-policy)
+
+## Reporting a Bug
+
+The Django website working group is committed to responsible reporting and
+disclosure of security-related issue on our website. We appreciate your efforts
+and responsible disclosure.
+
+Report security bugs and issue by creating a
-Report security bugs and issue by creating a
+Report security bugs and issues by creating a
-Report security bugs and issue by creating a
+Report security bugs and issues by creating a
+[new vulnerability report](https://github.com/django/djangoproject.com/security/advisories/new)
+in the djangoproject.com repository.
+
+Once you’ve submitted a security vulnerability report, the website working
+group will begin their analysis. Depending on the action to be taken, you may
+receive followup emails. It can take several weeks before the website working
+group comes to a conclusion and resolves the issue.
+
+## Reporting Guidelines
+
+While reporting a security issue related to the Django website, we encourage you
+to include a runnable proof of concept to reproduce the issue. That will help us
+analyse the issue better.
+
+## Comments on this Policy
+
+If you have suggestions on how this process could be improved please create a
+pull request by [editing this file](https://github.com/django/djangoproject.com/edit/main/.github/SECURITY.md).