Add how users should report security vulnerabilities for this repository (#2562)

## Proposed Changes

Suggestion to add a notice on how to report security vulnerabilities. This is visible at https://github.com/sigp/lighthouse/security
Fredrik Svantes 2021-09-07 01:54:05 +00:00
parent ddbd4e6965
commit 1eefd6d413

SECURITY.md Normal file

@ -0,0 +1,13 @@
# Security Policy
## Supported Versions
Please see [Releases](https://github.com/sigp/lighthouse/releases/). We recommend using the [most recently released version](https://github.com/sigp/lighthouse/releases/latest).
## Reporting a Vulnerability
Please send vulnerability reports to security@sigmaprime.io and encrypt sensitive messages using our [PGP
key](https://keybase.io/sigp/pgp_keys.asc?fingerprint=15e66d941f697e28f49381f426416dc3f30674b0).
**Please do not file a public ticket** mentioning the vulnerability, as doing so could increase the likelihood of the vulnerability being used before a fix has been created, released and installed on the network.
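
Review bot: In "Reporting a Vulnerability", the PGP key's fingerprint appears only inside the keybase.io link target, so a reporter reading the rendered file has nothing visible to compare the downloaded key against; consider printing the fingerprint (15e66d941f697e28f49381f426416dc3f30674b0) in the text as well. The same section does not say what a reporter should expect after sending the mail (acknowledgement, disclosure timeline), and "Supported Versions" recommends the latest release without stating whether older releases receive security fixes. One sentence on each would make the policy easier to act on.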