Merge pull request #2976 from opentensor/feat/roman/add-SECURITY.md

basfroman · web-flow · commit ea3159f02e31 · 2025-07-17T13:17:19.000-07:00
Add SECURITY.md
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,42 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability in the Bittensor protocol, SDK, or any of its components, we strongly encourage you to report it responsibly.
+
+Please **do not publicly disclose** the vulnerability until we have had a reasonable chance to address it.
+
+### 🔐 Confidential Reporting
+
+To report a vulnerability, you can use any of the following methods:
+
+- Create a [GitHub Issue](https://github.com/opentensor/bittensor/issues) using the `Security` label or title.
+
+- Contact us via our official Discord support thread: [#btcli-btsdk](https://discord.com/channels/1120750674595024897/1242999357436071956)
+
+### 🧾 What to Include
+
+When reporting a vulnerability, please provide as much detail as possible:
+
+- Affected component (e.g., `bittensor`, `bittensor-cli`, `bittensor-wallet`, etc.)
+- Version or commit hash
+- Description of the vulnerability
+- Steps to reproduce (if possible)
+- Impact assessment
+- Any potential mitigations or recommendations
+
+---
+
+## Response Process
+
+1. We will acknowledge your report within **48 hours**.
+2. We will investigate and confirm the issue.
+3. If confirmed, we will coordinate on a fix and set an embargo period if needed.
+4. A fix will be developed, tested, and released as soon as possible.
+5. You will be credited (if you wish) in the security section of our release notes.
+
+---
+
+## Thank You
+
+We appreciate your efforts in keeping the Bittensor ecosystem secure and responsible.  
