Merge pull request #3 from fastly/tyler/add-security-notes

tyler · web-flow · commit 4468dd181685 · 2020-04-06T15:51:56.000-07:00
Add document describing security procedures
diff --git a/.github/ISSUE_TEMPLATE/blank-issue.md b/.github/ISSUE_TEMPLATE/blank-issue.md
@@ -0,0 +1,9 @@
+---
+name: Blank Issue
+about: Create a blank issue.
+title: ''
+labels: ''
+assignees: ''
+
+---
+
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,9 @@
+## Report a security issue
+
+Fastly welcomes security reports and is committed to providing prompt attention to security issues. Security issues should be reported privately via [Fastly’s security issue reporting process](https://www.fastly.com/security/report-security-issue). 
+
+## Security advisories
+
+Remediation of security vulnerabilities is prioritized. The project team endeavors to coordinate remediation with third-party stakeholders, and is committed to transparency in the disclosure process. The team announces security issues via release notes as well as the [RustSec advisory database](https://github.com/RustSec/advisory-db) (i.e. `cargo-audit`) on a best-effort basis.
+
+Note that communications related to security issues in Fastly-maintained OSS as described here are distinct from [Fastly Security Advisories](https://www.fastly.com/security-advisories).
