Merge pull request #4674 from mailcow/feature/SECURITY.md
Create SECURITY.md
This commit is contained in:
commit
2278a6cc73
42
SECURITY.md
Normal file
42
SECURITY.md
Normal file
@ -0,0 +1,42 @@
|
||||
# Security Policies and Procedures
|
||||
|
||||
This document outlines security procedures and general policies for the _mailcow: dockerized_ project as found on [mailcow-dockerized](https://github.com/mailcow/mailcow-dockerized).
|
||||
|
||||
* [Reporting a Vulnerability](#reporting-a-vulnerability)
|
||||
* [Disclosure Policy](#disclosure-policy)
|
||||
* [Comments on this Policy](#comments-on-this-policy)
|
||||
|
||||
## Reporting a Vulnerability
|
||||
|
||||
The mailcow team and community take all security vulnerabilities
|
||||
seriously. Thank you for improving the security of our open source
|
||||
software. We appreciate your efforts and responsible disclosure and will
|
||||
make every effort to acknowledge your contributions.
|
||||
|
||||
Report security vulnerabilities by emailing the mailcow team at:
|
||||
|
||||
info at servercow.de
|
||||
|
||||
mailcow team will acknowledge your email as soon as possible, and will
|
||||
send a more detailed response afterwards indicating the next steps in
|
||||
handling your report. After the initial reply to your report, the mailcow
|
||||
team will endeavor to keep you informed of the progress towards a fix and
|
||||
full announcement, and may ask for additional information or guidance.
|
||||
|
||||
Report security vulnerabilities in third-party modules to the person or
|
||||
team maintaining the module.
|
||||
|
||||
## Disclosure Policy
|
||||
|
||||
When the mailcow team receives a security bug report, they will assign it
|
||||
to a primary handler. This person will coordinate the fix and release
|
||||
process, involving the following steps:
|
||||
|
||||
* Confirm the problem and determine the affected versions.
|
||||
* Audit code to find any potential similar problems.
|
||||
* Prepare fixes for all releases still under maintenance.
|
||||
|
||||
## Comments on this Policy
|
||||
|
||||
If you have suggestions on how this process could be improved please submit a
|
||||
pull request.
|
Loading…
Reference in New Issue
Block a user