Add default SECURITY policy

Signed-off-by: Ry Jones <[email protected]>
hyperledger-archives · Sep 29, 2019 · be0ac9b · be0ac9b
1 parent 8f6fc01
commit be0ac9b
Showing 1 changed file with 23 additions and 0 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,23 @@
+# Hyperledger Security Policy
+
+## Reporting a Security Bug
+
+If you think you have discovered a security issue in any of the Hyperledger
+projects, we'd love to hear from you. We will take all security bugs
+seriously and if confirmed upon investigation we will patch it within a
+reasonable amount of time and release a public security bulletin discussing
+the impact and credit the discoverer.
+
+There are two ways to report a security bug. The easiest is to email a
+description of the flaw and any related information (e.g. reproduction
+steps, version) to
+[security at hyperledger dot org](mailto:[email protected]).
+
+The other way is to file a confidential security bug in our
+[JIRA bug tracking system](https://jira.hyperledger.org).
+Be sure to set the “Security Level” to “Security issue”.
+
+The process by which the Hyperledger Security Team handles security bugs
+is documented further in our
+[Defect Response](https://wiki.hyperledger.org/display/HYP/Defect+Response)
+page on our [wiki](https://wiki.hyperledger.org).