docs(security.md): add SECURITY.md file and policy

rropen · Aug 27, 2021 · fe37148 · fe37148
1 parent 0512500
commit fe37148
Showing 1 changed file with 25 additions and 0 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,25 @@
+# Security Policies and Procedures
+
+This document outlines security procedures and general policies for the `SFM`
+project.
+
+* [Public Software Policy](#public-software-policy)
+* [Reporting a Bug](#reporting-a-bug)
+
+## Public Software Policy
+
+The `SFM` project is intended to be public facing. It is being used in a openly-visible-metrics capacity and will play a small part in the Rolls-Royce Digital Transformation efforts.  If you have any questions, please contact the lead maintainer at [[email protected]](mailto:[email protected]).
+
+## Reporting a Bug
+
+The Rolls-Royce Software Factory team and community take all security bugs in `SFM` seriously.
+Thank you for improving the security of `SFM`. We appreciate your efforts and
+responsible disclosure and will make every effort to acknowledge your
+contributions.
+
+Report security bugs by emailing the lead maintainer at [[email protected]](mailto:[email protected]).
+
+The lead maintainer will acknowledge your email within 48 hours and may ask for additional information or guidance.
+
+Report security bugs in third-party modules to the person or team maintaining
+the module.