Create SECURITY.md

tngraf · web-flow · commit 5b01eca04f1d · 2025-07-25T16:59:14.000+02:00
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,11 @@
+# Security Policy
+
+The CaPyCLI community takes the security of its code seriously. If you think you have found a security vulnerability, please read the next sections and follow the instructions to report your finding.
+
+## Reporting a Vulnerability
+
+Please DO NOT report any potential security vulnerability via a public channel (mailing list, github issue etc.).
+Instead, create a report via https://github.com/sw360/capycli/security/advisories/new or contact the maintainers thomas.graf [at] siemens.com via email directly.
+Please provide a detailed description of the issue, the steps to reproduce it, the affected versions and, if already available, a proposal for a fix.
+You should receive a response within 5 working days. If the issue is confirmed as a vulnerability by us, we will open a Security Advisory on github
+and give credits for your report if desired. This project follows a 90 day disclosure timeline.
