docs: define security policy (#464)

Signed-off-by: Santiago Carmuega <santiago@carmuega.me>
2024-05-22 10:53:39 -03:00 · 2024-05-22 10:53:39 -03:00 · e64b4a0f2b
commit e64b4a0f2b
parent 51a81241d3
1 changed files with 22 additions and 0 deletions
--- a/SECURITY.md
+++ b/SECURITY.md
@ -0,0 +1,22 @@
+# Security Policy
+
+## Supported Versions
+
+| Version  | Supported          |
+| -------- | ------------------ |
+| 0.x.x    | :white_check_mark: |
+| < 0.15   | :x:                |
+
+## Reporting a Vulnerability
+
+We take the security of our project seriously. If you find any security vulnerabilities in the Pallas codebase, please follow these steps:
+
+- DO NOT open an issue on GitHub.
+- Email us directly at [security@txpipe.io](security@txpipe.io).
+- Provide as many details as possible about the vulnerability. If you know how to reproduce the vulnerability, please include that information too.
+- We will respond to your report within 48 hours and will keep you updated on the status of the issue.
+- Once we have fixed the issue, we will credit you for your discovery in the public announcement (unless you prefer to remain anonymous).
+
+Please act in good faith towards our users' privacy and data during your disclosure. We care deeply about maintaining the trust of our users and community and expect you to follow the same principles.
+
+Thank you for helping keep Pallas and our users safe!