security: add SECURITY reporting guidelines

erlang · Nov 6, 2024 · 6d1db6d · 6d1db6d
1 parent 23fd019
commit 6d1db6d
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -73,7 +73,10 @@ Please visit our [GitHub Issues](https://github.com/erlang/otp/issues) page for
 
 ### Security Disclosure
 
-We take security bugs in Erlang/OTP seriously. Please disclose the issues regarding security by sending an email to **erlang-security [at] erlang [dot] org** and not by creating a public issue.
+Please do not report security vulnerabilities through public channels, like
+GitHub issues, discussions, or pull requests.
+
+Please disclose the security issues following our [SECURITY](SECURITY.md) guidelines.
 
 ## Contributing
 

diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,25 @@
+# Security Policy
+
+## Reporting a Vulnerability and/or Security Issues
+
+Please do not report security vulnerabilities through public channels, like
+GitHub issues, discussions, or pull requests.
+
+If you believe you have found a security vulnerability in this repository,
+please report it to [email protected] or https://github.com/erlang/otp/security.
+
+## Supported Versions
+
+Erlang/OTP supports the last 3 OTP releases with security updates and patches.
+For example, if the latest release is OTP-27, we will support with maintainance and security releases:
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 27      | :white_check_mark: |
+| 26      | :white_check_mark: |
+| 25      | :white_check_mark: |
+| =< 24   | :x:               |
+
+
+
+