Merge pull request #16 from cloudflare/kenton/beta

kentonv · web-flow · commit f69d056a54b7 · 2025-03-24T15:30:16.000-05:00
EXPERIMENTAL -&gt; Beta
diff --git a/README.md b/README.md
@@ -2,9 +2,9 @@
 
 This is a TypeScript library that implements the provider side of the OAuth 2.1 protocol with PKCE support. The library is intended to be used on Cloudflare Workers.
 
-## EXPERIMENTAL
+## Beta
 
-As of March, 2025, this library is very new. Please use with caution as additional security reviews are still in progress.
+As of March, 2025, this library is very new, prerelease software. The API is still subject to change.
 
 ## Benefits of this library
 
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,14 @@
+# Security Policy
+
+https://www.cloudflare.com/disclosure
+
+## Reporting a Vulnerability
+
+* https://hackerone.com/cloudflare
+  * All Cloudflare products are in scope for reporting. If you submit a valid report on bounty-eligible assets through our disclosure program, we will transfer your report to our private bug bounty program and invite you as a participant.
+* `mailto:security@cloudflare.com`
+  * If you'd like to encrypt your message, please do so within the the body of the message. Our email system doesn't handle PGP-MIME well.
+  * https://www.cloudflare.com/gpg/security-at-cloudflare-pubkey-06A67236.txt
+
+All abuse reports should be submitted to our Trust & Safety team through our dedicated page: https://www.cloudflare.com/abuse/
+
