Add default SECURITY policy (hyperledger#58)

Signed-off-by: Ry Jones <ry@linux.com>
garyschulte · Sep 29, 2019 · f84bd55 · f84bd55
1 parent 50c0764
commit f84bd55
Showing 1 changed file with 23 additions and 0 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,23 @@
+# Hyperledger Security Policy
+
+## Reporting a Security Bug
+
+If you think you have discovered a security issue in any of the Hyperledger
+projects, we'd love to hear from you. We will take all security bugs
+seriously and if confirmed upon investigation we will patch it within a
+reasonable amount of time and release a public security bulletin discussing
+the impact and credit the discoverer.
+
+There are two ways to report a security bug. The easiest is to email a
+description of the flaw and any related information (e.g. reproduction
+steps, version) to
+[security at hyperledger dot org](mailto:security@hyperledger.org).
+
+The other way is to file a confidential security bug in our
+[JIRA bug tracking system](https://jira.hyperledger.org).
+Be sure to set the “Security Level” to “Security issue”.
+
+The process by which the Hyperledger Security Team handles security bugs
+is documented further in our
+[Defect Response](https://wiki.hyperledger.org/display/HYP/Defect+Response)
+page on our [wiki](https://wiki.hyperledger.org).