From 6e543b11bc16adb1cc7b0e77e0f3795528752712 Mon Sep 17 00:00:00 2001 From: Barry O'Donovan Date: Tue, 22 Nov 2022 13:51:17 +0000 Subject: [PATCH] Update SECURITY.md A review of this document following a query re disclosure. Filled out the content and specifically called out our happiness to acknowledged those who responsibly disclose. --- SECURITY.md | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 7c80b5796..c5bfd4850 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,5 +1,19 @@ # Security Policy +## Reporting a Vulnerability + +Thank you in advance for looking to responsibly report security issues. + +Please contact us by email on [security@ixpmanager.org](security@ixpmanager.org) to report security issues or discuss security concerns. All security vulnerabilities will be promptly addressed. + + +### Confidentiality and Acknowledgements + +We understand that some organisations do not wish to disclose their use of specific software for security reasons. If you do not wish to be named or achnowledged in the release notes where the security issue is addressed, please just state that and we will ensure your anonymity. + +Likewise, we are delighted to achowledge and thank anyone who responsibly reports security issues to us. We usually do this in the release notes and related announcements. Please do let us know the appropriate attribution when you contact us so we can get it right! + + ## Supported Versions @@ -10,8 +24,3 @@ | 4.x.y | :x: | | < 4.0 | :x: | -## Reporting a Vulnerability - -Thank you in advance for looking to responsibly report security issues. - -Please contact us by email on [security@ixpmanager.org](security@ixpmanager.org) to report security issues or discuss security concerns.