Add an explicit security policy.

2026-04-21 13:37:44 +00:00 · 2026-02-03 12:45:29 +01:00 · 2026-02-03 12:45:29 +01:00 · 0ef67758f0
commit 0ef67758f0
parent 2ce9737369
1 changed files with 35 additions and 0 deletions
--- a/SECURITY.md
+++ b/SECURITY.md
@ -0,0 +1,35 @@
+# Security Policy
+
+Found a security issue in [TrailBase](https://github.com/trailbaseio/trailbase)?
+Read on.
+
+## Reporting a Vulnerability
+
+At TrailBase we take all security bugs very seriously.
+Thank you for helping to improving our security, we'll make every effort to
+acknowledge your contributions.
+
+Vulnerabilities should be reported to [security@trailbase.io](mailto:security@trailbase.io),
+a private maintainer-only email address.
+Please do not open a public issue, as GitHub does not provide facility for
+private issues.
+Deleting the issue will prevent any follow-up communication with the reporter.
+
+When reporting an issue, where possible, please provide the following:
+
+- Commit version where the issue was introduced.
+- A proof of concept (plaintext; or ideally send a patch to same email address)
+- Steps to reproduce
+- Your recommended fixes, if any.
+
+When a vulnerability is reported, we will:
+
+- Confirm the problem and determine the affected versions.
+- Audit the code to find any potential similar problems.
+- Work on the fix.
+- Prepare a new release.
+- Manage communications.
+
+## Comments on this Policy
+
+If you have suggestions on how this process could be improved, let us know.