chore: create SECURITY.md

labring · Nov 16, 2023 · f4d52a0 · f4d52a0
1 parent f2a3a40
commit f4d52a0
Showing 1 changed file with 44 additions and 0 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,44 @@
+# Security Policy
+
+## Supported Versions
+
+Which versions are currently being supported with security updates.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.0.0-beta.13   | :white_check_mark: |
+| 1.0.0-beta.12   | :white_check_mark: |
+| 1.0.0-beta.11   | :white_check_mark: |
+| < 1.0.0-beta.10   | :x:                |
+
+## Security
+
+Laf takes the security of our software products and services seriously.
+
+If you believe you have found a security vulnerability in laf repository, please report it to us as described below.
+
+## Reporting Security Issues
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+Instead, please report them by sending email to [maslow@sealos.io](mailto:maslow@sealos.io).
+
+You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message.
+
+Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
+
+  * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
+  * Full paths of source file(s) related to the manifestation of the issue
+  * The location of the affected source code (tag/branch/commit or direct URL)
+  * Any special configuration required to reproduce the issue
+  * Step-by-step instructions to reproduce the issue
+  * Proof-of-concept or exploit code (if possible)
+  * Impact of the issue, including how an attacker might exploit the issue
+
+This information will help us triage your report more quickly.
+
+If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award.
+
+## Preferred Languages
+
+We prefer all communications to be in English or Chinese.