SECURITY.md
Lines changed: 30 additions & 0 deletions
@@ -39,3 +39,33 @@ We prefer all communications to be in English.
39
39
Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://aka.ms/security.md/cvd).
40
40
41
41
<!-- END MICROSOFT SECURITY.MD BLOCK -->
42
+
# Security Policy
43
+
44
+
## Supported Versions
45
+
46
+
We release patches for security vulnerabilities. Which versions are eligible for receiving such patches depends on the CVSS v3.0 Rating:
47
+
48
+
| Version | Supported |
49
+
| ------- | ------------------ |
50
+
| 1.0.x |:white_check_mark:|
51
+
| < 1.0 |:x:|
52
+
53
+
## Reporting a Vulnerability
54
+
55
+
If you discover a security vulnerability, please follow these steps:
56
+
57
+
1.**Do not open an issue**: This ensures that the vulnerability is not publicly disclosed before a fix is available.
58
+
2.**Send an email to [[email protected]](mailto:[email protected])**: Provide as much detail as possible about the vulnerability and how it can be exploited.
59
+
3.**Expect a response within 48 hours**: We will acknowledge the receipt of your report and provide a timeline for a fix.
60
+
61
+
## Security Updates
62
+
63
+
We will notify users about security updates through:
64
+
65
+
- GitHub Releases
66
+
- Email notifications (if subscribed)
67
+
68
+
## Security Resources
69
+
70
+
-[OWASP Top Ten](https://owasp.org/www-project-top-ten/)
71
+
-[CWE/SANS Top 25](https://cwe.mitre.org/top25/archive/2020/2020_cwe_top25.html)
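Review bot: Under "Supported Versions", the sentence says patch eligibility "depends on the CVSS v3.0 Rating", but the table that follows is keyed on version only and gives no CVSS threshold, so a reporter cannot tell which severities get patched on which release line; either add the rating criteria to the table or drop the CVSS clause. The new "# Security Policy" heading and "Reporting a Vulnerability" steps are also appended after `<!-- END MICROSOFT SECURITY.MD BLOCK -->`, so the file now carries two policies in sequence; state which reporting channel takes precedence, or fold the project-specific parts into a single section. Smaller points: "Email notifications (if subscribed)" does not say where to subscribe, and the CWE/SANS link targets the 2020 archive page rather than the current Top 25 list.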