Create SECURITY.md containing the blackmagic security policy.

blackmagic-debug · Dec 28, 2022 · da699fa · da699fa
1 parent 1135437
commit da699fa
Showing 1 changed file with 28 additions and 0 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,28 @@
+# Security Policy
+
+## Supported Versions
+
+| Version |     Supported      |
+|---------|--------------------|
+|   1.9.x | :white_check_mark: |
+|   1.8.x | :white_check_mark: |
+|<= 1.7.x | :x:                |
+
+Any older version not listed in the above table is also not supported
+
+## Reporting a Vulnerability
+
+If you think you've found a vulnerability and wish to responsibly disclose it, please send an email
+to disclosure@black-magic.org with a clear description of the issue and steps for how to reproduce
+it in the body.
+
+If we can reproduce the issue we will create a fix branch on the main repository with nondescript
+commit messages as to the underlying issue and take the fix through our normal pull request process.
+For severe issues we may instead use the private mirror of the repository for fixing the bug so we
+can publish a fix and release binaries only once ready.
+
+Severe security issues may result in out of band point releases being made to address the problem,
+even to otherwise unsupported versions. This will be done at the discretion of the project.
+
+During the process, you will be kept apprised of our progress by email with public disclosure on the
+issue tracker or as a PR only once the fix is developed and ready.