From 230aeb01da478e916bb3ece5d6faa6eca8013c79 Mon Sep 17 00:00:00 2001 From: jshcodes <74007258+jshcodes@users.noreply.github.com> Date: Mon, 22 Mar 2021 17:07:30 -0400 Subject: [PATCH 1/9] Create SECURITY.md --- SECURITY.md | 47 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..2f732427a --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,47 @@ +# Security Policy +This document outlines security policy and procedures for the CrowdStrike `falconpy` project. ++ [Supported Python versions](#supported-python-versions) ++ [Supported FalconPy versions](#supported-falconpy-versions) ++ [Reporting a potential security vulnerability](#reporting-a-potential-security-vulnerability) ++ [Disclosure and Mitigation Process](#disclosure-and-mitigation-process) + +## Supported Python versions + +FalconPy functionality is only tested to run under the following versions of Python. + +| Version | Supported | +| :------- | :--------- | +| 3.9.x | :white_check_mark: | +| 3.8.x | :white_check_mark: | +| 3.7.x | :white_check_mark: | +| 3.6.x | :white_check_mark: | +| <= 3.5 | :x: | +| <= 2.x.x | :x: | + +## Supported FalconPy versions + +We release patches for security vulnerabilities as they are discovered. + +Version eligibility for receiving patches depends on the CVSS v3.0 Rating: + +| CVSS v3.0 | Supported Versions | +| :------- | :-------------------- | +| 9.0 - 10.0 | Releases within the past three months | +| 4.0 - 8.9 | Most recent release | + +## Reporting a potential security vulnerability + +Please report suspected security vulnerabilities to __falconpy@crowdstrike.com__. + +## Disclosure and mitigation process + +Upon receiving a security bug report, the issue will be assigned to one of the project maintainers. This person will coordinate the related fix and release +process, involving the following steps: ++ Communicate with you to confirm we have received the report and provide you with a status update. + - You should receive this message within 48 hours. ++ Confirmation of the issue and a determination of affected versions. ++ An audit of the codebase to find any potentially similar problems. ++ Preparation of patches for all releases still under maintenance. + - These patches will be submitted as a separate pull request and contain a version update. 
+ - This pull request will be flagged as a security fix. + - Once merged, and after post-merge unit testing has been completed, the patch will be immediately published to both PyPI repositories. From 462d5e3c609133c899145d9a5e38f8afb1c91212 Mon Sep 17 00:00:00 2001 From: jshcodes <74007258+jshcodes@users.noreply.github.com> Date: Mon, 22 Mar 2021 17:09:58 -0400 Subject: [PATCH 2/9] Update SECURITY.md --- SECURITY.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/SECURITY.md b/SECURITY.md index 2f732427a..80be81d61 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -45,3 +45,6 @@ process, involving the following steps: - These patches will be submitted as a separate pull request and contain a version update. - This pull request will be flagged as a security fix. - Once merged, and after post-merge unit testing has been completed, the patch will be immediately published to both PyPI repositories. + +## Comments +If you have suggestions on how this process could be improved, please let us know by [starting a new discussion](https://github.com/CrowdStrike/falconpy/discussions) or sending the maintainers an email at falconpy@crowdstrike.com. From 77e813dcb33fc8627136bdac697e7a092ff13e14 Mon Sep 17 00:00:00 2001 From: jshcodes <74007258+jshcodes@users.noreply.github.com> Date: Tue, 23 Mar 2021 09:54:21 -0400 Subject: [PATCH 3/9] Update SECURITY.md Co-authored-by: Shawn Wells --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 80be81d61..63173127d 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -47,4 +47,4 @@ process, involving the following steps: - Once merged, and after post-merge unit testing has been completed, the patch will be immediately published to both PyPI repositories. ## Comments -If you have suggestions on how this process could be improved, please let us know by [starting a new discussion](https://github.com/CrowdStrike/falconpy/discussions) or sending the maintainers an email at falconpy@crowdstrike.com. +If you have suggestions on how this process could be improved, please let us know by [starting a new discussion](https://github.com/CrowdStrike/falconpy/discussions). From 4106ff01c83a7283f5d8b48843b4801a97dbfed4 Mon Sep 17 00:00:00 2001 From: jshcodes <74007258+jshcodes@users.noreply.github.com> Date: Tue, 23 Mar 2021 10:03:55 -0400 Subject: [PATCH 4/9] Update SECURITY.md --- SECURITY.md | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 63173127d..d5da6cb15 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -20,14 +20,7 @@ FalconPy functionality is only tested to run under the following versions of Pyt ## Supported FalconPy versions -We release patches for security vulnerabilities as they are discovered. - -Version eligibility for receiving patches depends on the CVSS v3.0 Rating: - -| CVSS v3.0 | Supported Versions | -| :------- | :-------------------- | -| 9.0 - 10.0 | Releases within the past three months | -| 4.0 - 8.9 | Most recent release | +When discovered, we release security vulnerability patches for the most recent release at an accelerated cadence. ## Reporting a potential security vulnerability From 313069c446633a832437dafd3313eac2f89b47b2 Mon Sep 17 00:00:00 2001 From: jshcodes <74007258+jshcodes@users.noreply.github.com> Date: Tue, 23 Mar 2021 10:06:59 -0400 Subject: [PATCH 5/9] Update SECURITY.md --- SECURITY.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index d5da6cb15..883b8e89d 100644 --- a/SECURITY.md 
+++ b/SECURITY.md @@ -24,7 +24,13 @@ When discovered, we release security vulnerability patches for the most recent r ## Reporting a potential security vulnerability -Please report suspected security vulnerabilities to __falconpy@crowdstrike.com__. +We have multiple avenues to receive security-related vulnerability reports. + +Please report suspected security vulnerabilities by: ++ Submitting a bug ++ Starting a new discussion ++ Submitting a PR to potential resolve the issue ++ Sending an email to __falconpy@crowdstrike.com__. ## Disclosure and mitigation process From 36440ab53520d0f746d512cec3f45d5f0c17ad69 Mon Sep 17 00:00:00 2001 From: jshcodes <74007258+jshcodes@users.noreply.github.com> Date: Tue, 23 Mar 2021 10:09:06 -0400 Subject: [PATCH 6/9] Update SECURITY.md --- SECURITY.md | 1 + 1 file changed, 1 insertion(+) diff --git a/SECURITY.md b/SECURITY.md index 883b8e89d..055047ff6 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -30,6 +30,7 @@ Please report suspected security vulnerabilities by: + Submitting a bug + Starting a new discussion + Submitting a PR to potential resolve the issue ++ Submitting a report to our [Bug Bounty](https://hackerone.com/crowdstrike) program + Sending an email to __falconpy@crowdstrike.com__. ## Disclosure and mitigation process From f3eb337dcdfb6ee129bba06fe2cc1a9dca4d92bd Mon Sep 17 00:00:00 2001 From: jshcodes <74007258+jshcodes@users.noreply.github.com> Date: Tue, 23 Mar 2021 10:09:45 -0400 Subject: [PATCH 7/9] Update SECURITY.md --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 055047ff6..287225116 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -38,7 +38,7 @@ Please report suspected security vulnerabilities by: Upon receiving a security bug report, the issue will be assigned to one of the project maintainers. This person will coordinate the related fix and release process, involving the following steps: + Communicate with you to confirm we have received the report and provide you with a status update. - - You should receive this message within 48 hours. + - You should receive this message within 48 - 72 business hours. + Confirmation of the issue and a determination of affected versions. + An audit of the codebase to find any potentially similar problems. + Preparation of patches for all releases still under maintenance. From 93ead5e75ea994301c0ee8d70a908a85243424d0 Mon Sep 17 00:00:00 2001 From: jshcodes <74007258+jshcodes@users.noreply.github.com> Date: Tue, 23 Mar 2021 10:13:08 -0400 Subject: [PATCH 8/9] Update SECURITY.md --- SECURITY.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 287225116..96e270d1a 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -27,9 +27,9 @@ When discovered, we release security vulnerability patches for the most recent r We have multiple avenues to receive security-related vulnerability reports. Please report suspected security vulnerabilities by: -+ Submitting a bug -+ Starting a new discussion -+ Submitting a PR to potential resolve the issue ++ Submitting a [bug](https://github.com/CrowdStrike/falconpy/issues) ++ Starting a new [discussion](https://github.com/CrowdStrike/falconpy/discussions) ++ Submitting a [pull request](https://github.com/CrowdStrike/falconpy/pulls) to potentially resolve the issue + Submitting a report to our [Bug Bounty](https://hackerone.com/crowdstrike) program + Sending an email to __falconpy@crowdstrike.com__. From 216478647ae77c5f8575cadb43024eace32eae59 Mon Sep 17 00:00:00 2001 
From: jshcodes <74007258+jshcodes@users.noreply.github.com> Date: Tue, 23 Mar 2021 10:36:07 -0400 Subject: [PATCH 9/9] Update SECURITY.md --- SECURITY.md | 1 - 1 file changed, 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 96e270d1a..24c25b325 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -30,7 +30,6 @@ Please report suspected security vulnerabilities by: + Submitting a [bug](https://github.com/CrowdStrike/falconpy/issues) + Starting a new [discussion](https://github.com/CrowdStrike/falconpy/discussions) + Submitting a [pull request](https://github.com/CrowdStrike/falconpy/pulls) to potentially resolve the issue -+ Submitting a report to our [Bug Bounty](https://hackerone.com/crowdstrike) program + Sending an email to __falconpy@crowdstrike.com__. ## Disclosure and mitigation process
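Review bot: [PATCH 1/9], the `Supported FalconPy versions` table gives no policy for findings rated below 4.0 and the `Reporting` section never tells the reporter to keep the report private, so a reporter reading this has no reason not to open a public issue; add a row or sentence covering low-severity findings, state that suspected vulnerabilities go to the mailbox rather than a public issue, and give a rough disclosure window. Also, `the patch will be immediately published to both PyPI repositories` does not say which two repositories are meant; name them. Minor: the TOC entry `Disclosure and Mitigation Process` does not match the heading `Disclosure and mitigation process` in capitalisation.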
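Review bot: [PATCH 2/9], the new `## Comments` section repeats `falconpy@crowdstrike.com`, which the section above reserves for vulnerability reports; point process feedback at the discussions link only, so that mailbox receives security reports and nothing else.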
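Review bot: [PATCH 4/9], replacing the CVSS table with `When discovered, we release security vulnerability patches for the most recent release at an accelerated cadence.` now contradicts the unchanged step `+ Preparation of patches for all releases still under maintenance.` further down, and `accelerated cadence` commits to nothing a reader can check; either define which releases are under maintenance or change that step to refer only to the most recent release, and replace the adjective with a target turnaround.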
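Review bot: [PATCH 5/9], three of the four new reporting avenues (`+ Submitting a bug`, `+ Starting a new discussion`, `+ Submitting a PR to potential resolve the issue`) are public, so a reporter who follows them discloses the vulnerability before a fix exists; list the email address first and say that public issues, discussions and pull requests are for after the maintainers have confirmed a fix is available. Typo on the third item: `potential resolve` should be `potentially resolve`.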
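Review bot: [PATCH 6/9], before advertising `[Bug Bounty](https://hackerone.com/crowdstrike)` as a reporting avenue, confirm that this repository is within that program's published scope; if it is not, reports routed there will be closed as out of scope and the reporter sent back here, which is worse than not listing it.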
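Review bot: [PATCH 7/9], `48 - 72 business hours` is ambiguous: read literally as eight-hour business days it is six to nine working days, which is almost certainly not the intended commitment; write `two to three business days` (or `72 hours`) and name the time zone and holiday calendar that apply.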
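Review bot: [PATCH 8/9], the list is now inconsistent: four items are hyperlinked with no trailing punctuation while the last, `+ Sending an email to __falconpy@crowdstrike.com__.`, is bold text ending in a period; render the address as a `mailto:` link and drop the period so all items match. The `[bug]` link lands on the issues list rather than the new-issue form; linking to `/issues/new` takes the reporter straight to the form.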
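Review bot: [PATCH 9/9], the commit message `Update SECURITY.md` does not say why the Bug Bounty avenue added in PATCH 6/9 is being removed within the same series; record the reason (for example, program scope) in the commit message or in the document so a future maintainer does not re-add it.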