Create SECURITY.md

flanglet · web-flow · commit 9f5059091fca · 2024-11-05T12:27:50.000-08:00
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,23 @@
+# Security Policy
+
+Security updates are applied only to the latest release.
+
+## Vulnerability Definition
+
+A security vulnerability is a bug that, given a certain input, triggers a crash or an infinite loop. Compression and decompression failures do not belong in this category.
+
+## Reporting a Vulnerability
+
+**Please do not report security vulnerabilities through public GitHub issues.** If you have discovered a security vulnerability in this project, report it privately.
+
+Please disclose it at [security advisory](https://github.com/flanglet/kanzi-cpp/security/advisories/new).
+
+Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
+
+* Operating system
+* Hardware: CPU, memory
+* Kanzi version
+* Command line invoked
+* Error reported/crash data/log output
+
+If possible provide a minimal reproducer.
