Merge pull request #1753 from nextcloud/github-security-md

2020-04-23 09:58:59 +02:00
parent 00d2278513 0db78f483a
commit 6619643318
1 changed files with 28 additions and 0 deletions
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -0,0 +1,28 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Nextcloud version | Supported          |
+| ------- | ----------------- | ------------------ |
+| 0.8.x   | 18, 19            | :white_check_mark: |
+| 0.7.x   | 17                | :x:                |
+
+
+## Reporting a Vulnerability
+
+Security is very important to us. If you have discovered a security issue with Nextcloud,
+please read our responsible disclosure guidelines and contact us at [hackerone.com/nextcloud](https://hackerone.com/nextcloud).
+Your report should include:
+
+- Product version
+- A vulnerability description
+- Reproduction steps
+
+A member of the security team will confirm the vulnerability, determine its impact, and develop a fix.
+The fix will be applied to the master branch, tested, and packaged in the next security release.
+The vulnerability will be publicly announced after the release. Finally, your name will be added
+to the [hall of fame](https://hackerone.com/nextcloud/thanks) as a thank you from the entire Nextcloud community. Note our 
+[threat model](https://nextcloud.com/security/threat-model) to know what is expected behavior.
+
+
+Please visit https://nextcloud.com/security/ for further information about security.