author: Matt Davis <mrd@redhat.com> 2022-07-11 15:31:43 -0700
committer: Matt Davis <mrd@redhat.com> 2022-07-11 17:31:22 -0700
commit: 0abad85a17ba75c0fb431feea7a6a06125341a99 (patch)
tree: e2811feff3ea6e9f623964fa2f23d4c31c45569b
parent: 8cdff2c80573b8be8e8ad28929264a913a63aa33 (diff)
download: pyyaml-git-0abad85a17ba75c0fb431feea7a6a06125341a99.tar.gz
security disclosure docs
-rw-r--r-- .github/SECURITY.md 10
1 file changed, 10 insertions, 0 deletions
diff --git a/.github/SECURITY.md b/.github/SECURITY.md
new file mode 100644
index 0000000..7d4f8bc
--- /dev/null
+++ b/.github/SECURITY.md
@@ -0,0 +1,10 @@
+# PyYAML Security Policy
+
+## Reporting a Suspected Vulnerability
+
+The PyYAML project encourages responsible disclosure of suspected security
+vulnerabilities. However, we do not offer bug bounties, paid disclosure, or
+paid fixes for discovered vulnerabilities. To report a suspected security
+vulnerability, please e-mail details to <security@pyyaml.org> without creating
+public issues, pull requests, or discussion. Non-security correspondence to
+this address will be ignored.
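Review bot: the "Reporting a Suspected Vulnerability" paragraph tells reporters to "e-mail details to <security@pyyaml.org>" but does not say which details are wanted or what the reporter should expect afterwards. Consider adding a sentence listing the minimum a report should contain (affected PyYAML version, a minimal YAML input or script that reproduces the problem, and the observed impact) and a sentence on when an acknowledgement can be expected and how disclosure will be coordinated once a fix is ready. The policy also names plain e-mail as the only channel; if the project has a way to receive reports confidentially, such as a published PGP key, it should be mentioned here so that vulnerability details need not travel in cleartext. Finally, the file does not state which release lines receive security fixes, which reporters and downstream packagers usually look for in a SECURITY.md.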