Add security policy GH file

pluginsGLPI · Mar 7, 2023 · b56ac8f · b56ac8f
1 parent 047efb4
commit b56ac8f
Showing 1 changed file with 24 additions and 0 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,24 @@
+# Security Policy
+
+**⚠️ Please never use standard issues to report security problems; vulnerabilities are published once a fix release is available. ⚠️**
+
+## Reporting a Vulnerability
+
+If you found a security issue, please contact us by:
+
+- [our huntr page](https://huntr.dev/repos/pluginsGLPI/fields/)
+- a mail to \[glpi-security AT ow2.org\]
+
+You should provide us all details about the issue and the way to reproduce it.
+You may also provide a script that can be used to check the issue exists.
+
+Once the report will be handled, and if the issue is not yet fixed (or in progress)
+we'll add it to the GitHub security tab, and add you as observer. Meanwhile,
+you will reserve a CVE for the issue.
+
+Thank you for improving the security of GLPI and its plugins.
+
+## Supported Versions
+
+We follow the same version support policy as GLPI.
+This means that we provide security patches to versions of the plugin that target a version of GLPI itself maintained from a security point of view.