Create SECURITY.md

mattwiese-aptible · web-flow · commit 07f16d46a621 · 2023-02-28T14:18:22.000-05:00
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,23 @@
+# Aptible Open Source Security Policies and Procedures
+
+This document outlines security procedures and general policies for the Aptible open source projects as found on https://github.com/aptible.
+
+  * [Reporting a Vulnerability](#reporting-a-vulnerability)
+  * [Responsible Disclosure Policy](#responsible-disclosure-policy)
+
+## Reporting a Vulnerability 
+
+The Aptible team and community take all security vulnerabilities
+seriously. Thank you for improving the security of our open source software. We appreciate your efforts and responsible disclosure and will make every effort to acknowledge your contributions.
+
+Report security vulnerabilities by emailing the Aptible security team at:
+    
+    security@aptible.com
+
+Security researchers can also privately report security vulnerabilities to repository maintainers using the GitHub "Report a Vulnerability" feature. [See how-to here](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability).
+
+The Aptible team will acknowledge your email within 24 business hours and send a detailed response within 48 business hours indicating the next steps in handling your report. The Aptible security team will keep you informed of the progress and may ask for additional information or guidance.
+
+## Responsible Disclosure Policy
+
+Please see Aptible's Responsible Disclosure Policy here: https://www.aptible.com/legal/responsible-disclosure/
