Add a basic security policy.

author Andy Allan <git@gravitystorm.co.uk>

Wed, 3 Aug 2022 16:06:18 +0000 (17:06 +0100)

committer Andy Allan <git@gravitystorm.co.uk>

Wed, 3 Aug 2022 16:06:18 +0000 (17:06 +0100)
author Andy Allan <git@gravitystorm.co.uk>
Wed, 3 Aug 2022 16:06:18 +0000 (17:06 +0100)
committer Andy Allan <git@gravitystorm.co.uk>
Wed, 3 Aug 2022 16:06:18 +0000 (17:06 +0100)
diff --git a/SECURITY.md b/SECURITY.md

new file mode 100644 (file)

index 0000000..c1ad6e5
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,9 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+We welcome any reports of security vulnerabilities, and we will respond to you quickly to acknowledge receipt.
+
+To report a vulnerability please email [the maintainers using this link](mailto:tom@compton.nu;openstreetmap-website@gravitystorm.co.uk;security@openstreetmap.org). This will also notify the security team for the main deployment of this software.
+
+Please note that we do not offer any bug bounties and we do not participate in any bug programs. If your security report is validated by us, then we are happy to credit you publicly in our issue tracker, on request.
author	Andy Allan <git@gravitystorm.co.uk>
	Wed, 3 Aug 2022 16:06:18 +0000 (17:06 +0100)
committer	Andy Allan <git@gravitystorm.co.uk>
	Wed, 3 Aug 2022 16:06:18 +0000 (17:06 +0100)