From 0571ef37b882a885967d41d47896b280d5bca29e Mon Sep 17 00:00:00 2001 From: Taylor Jones Date: Wed, 17 May 2023 10:00:31 -0500 Subject: [PATCH] chore(security): add SECURITY.md policy (#13812) * chore(security): add SECURITY.md policy * chore(security): add SECURITY.md policy * docs(security): reference the release schedule --------- Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com> --- SECURITY.md | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000000..365e714cc7f5 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,43 @@ +# Security Policy + +## Supported Versions + +| Version | Supported | +| ------- | ------------------ | +| 11.x | :white_check_mark: | +| 10.x | :white_check_mark: | +| < 9.0 | :x: | + +These supported versions include the different discrete version numbers of +individual packages as listed in the +[release changelogs](https://github.com/carbon-design-system/carbon/releases). + +Please review the +[release schedule](https://github.com/carbon-design-system/carbon/blob/main/docs/release-schedule.md) +for full details on what release phase versions are in and the level of support +provided for each. + +## Reporting a Vulnerability + +_Please do not report security vulnerabilities through public GitHub issues._ + +Instead, report a vulnerability through GitHub's security advisory feature at +https://github.com/carbon-design-system/carbon/security/advisories/new + +Please include a description of the issue, the steps you took to create the +issue, affected versions, and, if known, mitigations for the issue. Our team +aims to respond to all new vulnerability reports within 7 business days. + +Additional information on reporting vulnerabilities to IBM is available at +https://www.ibm.com/trust/security-psirt + +## Preferred languages + +We prefer all communications to be in English. + +## Comments on this policy + +If you have suggestions on how this process could be improved please +[submit a pull request](https://github.com/carbon-design-system/carbon/compare) +or [file an issue](https://github.com/carbon-design-system/carbon/issues/new) to +discuss.
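Review bot: The Supported Versions table leaves 9.x undefined: 11.x and 10.x are marked supported and the last row is `< 9.0`, so a reporter running 9.x cannot tell from this file whether it is covered. Either change the last row to `< 10.0` or add an explicit `9.x` row with its status. In "Reporting a Vulnerability", the policy commits to a first response within 7 business days but does not say what follows it; a sentence on how the reporter is kept informed and when an advisory is published would set expectations. Minor style point: the advisory form and the IBM PSIRT page are given as bare URLs while the rest of the file uses markdown links, so linking them the same way would be consistent.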