Merge pull request #732 from wso2/tgtshanika-patch-1

Add security policy
wso2 · Sep 16, 2022 · b3d012c · b3d012c
2 parents a47dbcd + 3a41739
commit b3d012c
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,15 @@
+# Security Policy
+
+## Reporting Vulnerabilities
+
+> **Warning** : Please do not create GitHub issues for security vulnerabilities.
+
+WSO2 takes security issues very seriously. If you have any concerns regarding 
+our product security or have uncovered a security vulnerability, we strongly 
+encourage you to report that to our private and highly confidential security 
+mailing list: [email protected] first, without disclosing them in any forums, 
+sites, or other groups - public or private. To protect the end-user security, 
+these issues could be disclosed in other places only after WSO2 completes its 
+[Vulnerability Management Process](https://docs.wso2.com/display/Security/WSO2+Security+Vulnerability+Management+Process).
+
+[WSO2 guidelines for reporting a security vulnerability](https://docs.wso2.com/display/Security/WSO2+Security+Vulnerability+Reporting+Guidelines) page describes how to report a Security Vulnerability and includes a public key if you wish to send secure messages to [email protected]