From 5d360bcdd546eef7325d40821c83664161e0339e Mon Sep 17 00:00:00 2001 From: Gabe Kangas Date: Sat, 19 Mar 2022 11:51:45 -0700 Subject: [PATCH] Add SECURITY.md document. Closes #1790 --- doc/SECURITY.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 doc/SECURITY.md diff --git a/doc/SECURITY.md b/doc/SECURITY.md new file mode 100644 index 000000000..1345e51cc --- /dev/null +++ b/doc/SECURITY.md @@ -0,0 +1,19 @@ +# Security Policy + +Owncast appreciates efforts to improve the security of the software +and follow the [GitHub coordinated disclosure of security vulnerabilities](https://docs.github.com/en/code-security/security-advisories/about-coordinated-disclosure-of-security-vulnerabilities#about-reporting-and-disclosing-vulnerabilities-in-projects-on-github) +for responsible disclosure and prompt mitigation. + +## Supported Versions + +The latest version of Owncast is seen as the supported version. As a small project we are unable to support previous versions and urge users of the software to stay up to date. + +## Reporting a Vulnerability + +To report a security issue with Owncast, [open an issue](https://github.com/owncast/owncast/issues/new +) on the Owncast GitHub repository and *do not* mention vulnerability details in the issue. If you have a preferred next step on where to discuss the details of the disclosure, please mention that in the issue if it's appropriate for those details to be public. + +You may optionally [email Gabe](mailto:gabek@real-ity.com) to alert him directly and provide specifics on how you wish to disclose the details of the issue. + +Owncast may open a draft [GitHub Security Advisory](https://docs.github.com/en/code-security/security-advisories/creating-a-security-advisory) + to discuss the vulnerability details in private if it is warranted.
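Review bot: In the "Reporting a Vulnerability" section, the clause "please mention that in the issue if it's appropriate for those details to be public" can be read as referring to the vulnerability details rather than to the reporter's preferred follow-up channel. That reading undercuts the preceding "*do not* mention vulnerability details in the issue". Suggest rewording so it is clear that only the preferred channel for further discussion belongs in the public issue. The `[open an issue](...)` link target is split across two lines before its closing `)`, and the line after the GitHub Security Advisory link starts with a stray leading space; joining each onto one line avoids rendering surprises. In the opening paragraph, "and follow" should be "and follows". The file is created at `doc/SECURITY.md`, but GitHub only surfaces a security policy from the repository root, `docs/` or `.github/`, so one of those paths is needed if the policy should appear under the repository's Security tab.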