author | Tatu Saloranta <tatu.saloranta@iki.fi> | 2020-03-21 13:55:57 -0700 |
---|---|---|
committer | Tatu Saloranta <tatu.saloranta@iki.fi> | 2020-03-21 13:55:57 -0700 |
commit | b9fd1ec6503f02ae7d5fcd147ca10c3e974a4491 (patch) | |
tree | 87183ee9f22d788f7c2ad4e9ea73e3e742bab502 | |
parent | 4dc66a0abe053dbff84946656770e8bacbce349d (diff) | |
download | jackson-annotations-b9fd1ec6503f02ae7d5fcd147ca10c3e974a4491.tar.gz |
add SECURITY.md for security disclosures
-rw-r--r-- | SECURITY.md | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..917abf3 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,15 @@ +# Security Policy + +Last Updated: 2020-03-21 + +## Reporting a Vulnerability + +In unlikely event of finding a security vulnerability directly relating to `jackson-annotations` +package -- unlikely, as there is very little code in this package -- +the recommended mechanism for reporting possible security vulnerabilities follows +so-called "Coordinated Disclosure Plan" (see [definition of DCP](https://vuls.cert.org/confluence/display/Wiki/Coordinated+Vulnerability+Disclosure+Guidance) +for general idea). The first step is to file a [Tidelift security contact](https://tidelift.com/security): +Tidelift will route all reports via their system to maintainers of relevant package(s), and start the +process that will evaluate concern and issue possible fixes, send update notices and so on. +Note that you do not need to be a Tidelift subscriber to file a security contact. + |
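Review bot: in the "Reporting a Vulnerability" section the process is named a "Coordinated Disclosure Plan" and abbreviated "DCP", but the linked CERT page is titled "Coordinated Vulnerability Disclosure Guidance", so the term and the acronym do not match the reference they point at; suggest using "Coordinated Vulnerability Disclosure (CVD)" in both places, i.e. `so-called "Coordinated Vulnerability Disclosure" (see [definition of CVD](https://vuls.cert.org/confluence/display/Wiki/Coordinated+Vulnerability+Disclosure+Guidance)`. Two grammar fixes in the same paragraph: "In unlikely event of finding a security vulnerability" should read "In the unlikely event that you find a security vulnerability", and "evaluate concern and issue possible fixes" should read "evaluate the concern and issue fixes where needed". As documentation, the file gives Tidelift as the only reporting channel and says nothing about which versions receive fixes; a short "Supported Versions" section and a second contact route for reporters who cannot use the Tidelift form (a maintainer address or repository security advisory, left as a clearly marked placeholder until one is chosen) would make the policy complete.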