SECURITY.md: Introduce security reporting process

2020-06-11 14:58:13 +02:00 · 2020-06-11 14:58:13 +02:00 · c458d81723
parent 929717b505
commit c458d81723
1 changed files with 23 additions and 0 deletions
--- a/SECURITY.md
+++ b/SECURITY.md
@ -0,0 +1,23 @@
+# Security Policy
+
+## Supported Versions
+
+OpenSC releases are made roughly once a year, unless important security is discovered.
+
+OpenSC does not release micro updates for previously released versions and does not
+backport security fixes into them.
+
+| Version  | Supported          |
+| -------- | ------------------ |
+| 0.20.0   | :white_check_mark: |
+| < 0.20.0 | :x:                |
+
+## Reporting a Vulnerability
+
+If you discovered security vulnerability in supported version of OpenSC,
+you can either fill an issue in [github](https://github.com/OpenSC/OpenSC/issues)
+(note, that these issues are public!) or you can send email to any recently active
+project developers frankmorgner(at)gmail.com, deengert(at)gmail.com and/or
+jakuje(at)gmail.com .
+
+You can expect update on the issue no later than in two weeks.