diff options
author | Joyce <joycebrum@google.com> | 2023-04-06 14:40:31 -0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-04-06 14:40:31 -0300 |
commit | e055155fa0bfc9216c5a653cb2f8aeae84dc5dc2 (patch) | |
tree | 5fb051e53afa687030027f6e38948697fc3b0af2 | |
parent | fbcdce5cf5618e6e3f7ae3fee352220ace45eb89 (diff) | |
download | libexpat-git-e055155fa0bfc9216c5a653cb2f8aeae84dc5dc2.tar.gz |
Update SECURITY.md
Signed-off-by: Joyce <joycebrum@google.com>
-rw-r--r-- | SECURITY.md | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/SECURITY.md b/SECURITY.md index 4d6a1679..05937984 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,6 +1,13 @@ # Security Policy + If you have discovered a security vulnerability in this project, please report it privately. **Do not disclose it as a public issue.** This gives us time to work with you to fix the issue before public exposure, reducing the chance that the exploit will be used before a patch is released. -Please disclose it at [security advisory](https://github.com/libexpat/libexpat/security/advisories/new). +To submit your report, please email [sebastian@pipping.org](mailto:sebastian@pipping.org) . + +Please provide at least the following information in your report: + +- A description of the vulnerability and its impact +- How to reproduce the issue + This project is maintained by a team of volunteers on a reasonable-effort basis. As such, please give us at least 90 days to work on a fix before public exposure. |