added more information about how to report security issues

palazzem · palazzem · commit 7cba4a5baa49 · 2016-03-21T16:26:40.000+01:00
diff --git a/README.rst b/README.rst
@@ -34,6 +34,16 @@ Contributing
 We love contributions, so please feel free to fix bugs, improve things, provide documentation. Just `follow the
 guidelines <https://django-oauth-toolkit.readthedocs.org/en/latest/contributing.html>`_ and submit a PR.
 
+Reporting security issues
+-------------------------
+
+If you believe you've found an issue with security implications, please send a detailed description via email to **security@evonove.it**.
+Mail sent to that address reaches the Django OAuth Toolkit core team, who can solve (or forward) the security issue as soon as possible. After
+our acknowledge, we may decide to open a public discussion in our mailing list or issues tracker.
+
+Once you’ve submitted an issue via email, you should receive a response from the core team within 48 hours, and depending on the action to be
+taken, you may receive further followup emails.
+
 Requirements
 ------------
 
