From e8609b0cdd058b0c28e838027ef53467ba9101b8 Mon Sep 17 00:00:00 2001 From: Yusuke Kato Date: Fri, 16 Feb 2024 07:48:04 +0900 Subject: [PATCH] Create SECURITY.md Signed-off-by: Yusuke Kato --- SECURITY.md | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000000..25cc1e1890 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,30 @@ +# Security Policy + +## Supported Versions + +We currently offer security updates for the following Vald versions: + +| Version | Supported | +| -------- | ------------------ | +| v1.7.x | :white_check_mark: | +| v1.6.x | :white_check_mark: | +| < v1.6 | :x: | + +## Reporting a Vulnerability + +At Vald, we prioritize software security. If you discover a security vulnerability, please report it to vald@vdaas.org. + +When reporting a vulnerability, please provide: + +- A clear and concise description of the vulnerability. +- Steps to reproduce the issue. +- Any relevant versions or configurations to aid in diagnosing the problem. +- Any potential solutions or mitigations you may know of. + +We will assess your report promptly and respond as soon as possible. Once we reply, we will keep you informed about the fix progress and a comprehensive announcement. We value your responsible disclosure and will recognize your contributions. + +## Security Update Policy + +Our goal is to address all reported security issues promptly. Upon confirming a security concern, we will promptly release patch updates for the two most recent Vald minor versions. We advise all users to apply security updates as soon as they become available. + +Thank you for contributing to the safety of Vald and its users.