mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-12 02:54:20 +00:00
docs(readme): security policy (#19)
* Create SECURITY.md * Update README.md
This commit is contained in:
parent
5ba9b4c096
commit
9da20cfe25
@ -21,6 +21,10 @@ It will be an IAM ;-)
|
||||
|
||||
TBD
|
||||
|
||||
## Security
|
||||
|
||||
See the policy [here](./SECURITY.md)
|
||||
|
||||
## License
|
||||
|
||||
See the exact licensing terms [here](./LICENSE)
|
||||
|
43
SECURITY.md
Normal file
43
SECURITY.md
Normal file
@ -0,0 +1,43 @@
|
||||
# Security Policy
|
||||
|
||||
At CAOS we are extremely grateful for security aware people that disclose vulnerabilities to us and the open source community. All reports will be investigated by our team.
|
||||
|
||||
## Supported Versions
|
||||
|
||||
After the initial Release the following version support will apply
|
||||
|
||||
| Version | Supported |
|
||||
| ------- | ------------------ |
|
||||
| 1.x.x | :white_check_mark: (not yet available) |
|
||||
| 0.x.x | :x: |
|
||||
|
||||
## Reporting a vulnerability
|
||||
|
||||
To file a incident, please disclose by email to security@caos.ch with the security details.
|
||||
|
||||
At the moment GPG encryption is no yet supported, however you may sign your message at will.
|
||||
|
||||
### When should I report a vulnerability
|
||||
|
||||
* You think you discovered a ...
|
||||
* ... potential security vulnerability in zitadel
|
||||
* ... vulnerability in another project that zitadel bases on
|
||||
* For projects with their own vulnerability reporting and disclosure process, please report it directly there
|
||||
|
||||
### When should I NOT report a vulnerability
|
||||
|
||||
* You need help applying security related updates
|
||||
* Your issue is not security related
|
||||
|
||||
## Security Vulnerability Response
|
||||
|
||||
TBD
|
||||
|
||||
## Public Disclosure
|
||||
|
||||
All accepted and mitigated vulnerabilitys will be published on the [Github Security Page](https://github.com/caos/zitadel/security/advisories)
|
||||
|
||||
### Timing
|
||||
|
||||
We think it is crucial to publish advisories `ASAP` as mitigations are ready. But due to the unknown nature of the discloures the time frame can range from 7 to 90 days.
|
||||
|
Loading…
Reference in New Issue
Block a user