Add SECURITY.md (#300)

* Add SECURITY.md * Update README.md * Update SECURITY.md * Update SECURITY.md
2023-08-22 14:03:29 +01:00 · 2023-08-22 14:03:29 +01:00 · 1b2d26af8f
parent ae7271251e
commit 1b2d26af8f
2 changed files with 22 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -76,6 +76,10 @@ We successfully federated with Mastodon on the following functionality:
 Contributions are very welcome. However, if you intend to change anything more than updating a dependency or fixing a small bug, please open an issue first.
 We would like to discuss any bigger changes before they are actually implemented.

+### Security
+
+If you found a suspected security vulnerability, please refer to our [security policy](./SECURITY.md) for more details.
+
 ### Note on required libraries

 We use [Nix](https://nixos.org) for handling our development dependencies.
--- a/SECURITY.md
+++ b/SECURITY.md
@ -0,0 +1,18 @@
+# Security policy
+
+> **Warning**
+> At this time, Kitsune is in early stages of development. We don't recommend setting up an instance yet.
+
+## Reporting a vulnerability
+
+> Please **DO NOT** report security vulnerabilities via the public issue tracker
+
+To report a vulnerability, please navigate to the [Advisories page](https://github.com/kitsune-soc/kitsune/security/advisories) and click on "Report a vulnerability".  
+You will then be taken to a form where you can file the report.
+
+Please include as much information as possible in your report:
+
+- The git revision you are running
+- The operating system Kitsune is running on
+- Any backtraces (if applicable)
+- Reproduction steps