Add security policy

Signed-off-by: Cole Miller <[email protected]>
canonical · Sep 23, 2024 · 2ae83b7 · 2ae83b7
1 parent f5f3fa9
commit 2ae83b7
Showing 1 changed file with 16 additions and 0 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,16 @@
+# How to report a security issue with dqlite
+
+If you find a security issue with dqlite, the best way to report it is using
+GitHub's private vulnerability reporting. [Here][advisory] is the form to
+submit a report, and [here][docs] is the detailed documentation for the GitHub
+feature.
+
+Once you submit a report, the dqlite team will work with you to figure out
+whether there is a security issue. If so, we will develop a fix, get a CVE
+assigned, and coordinating the release of the fix. The [Ubuntu Security
+disclosure and embargo policy][policy] contains more information about what you
+can expect during this phase, and what we expect from you.
+
+[advisory]: https://github.com/canonical/dqlite/security/advisories/new
+[docs]: https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability
+[policy]: https://ubuntu.com/security/disclosure-policy