From 0a9842a705b1574b2553dea409bec0c6b05e9c9f Mon Sep 17 00:00:00 2001 From: andrea Date: Mon, 17 Jun 2019 11:15:17 -0500 Subject: [PATCH] Create SECURITY.md for GitHub security policy page What would you like to be added: GitHub has a [security policy](https://github.com/moby/moby/security/policy) page that uses a SECURITY.md file from the repository to show the project's security policy. Why is this needed: Adding this file makes it easier for security researchers to learn about the correct place to report a vulnerability in the [Moby](https://github.com/moby/moby) project. Signed-off-by: Andrea --- SECURITY.md | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000000..0ee977f87b --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,9 @@ +# Reporting security issues + +The Moby maintainers take security seriously. If you discover a security issue, please bring it to their attention right away! + +### Reporting a Vulnerability + +Please **DO NOT** file a public issue, instead send your report privately to security@docker.com. + +Security reports are greatly appreciated and we will publicly thank you for it. We also like to send gifts—if you're into schwag, make sure to let us know. We currently do not offer a paid security bounty program, but are not ruling it out in the future.