Create SECURITY.md (#1719)

rotemreiss · YunFeng0817 · pauldambra · web-flow · commit 0bceef6a15ca · 2025-08-05T01:28:23.000-07:00
* Create SECURITY.md

* Format fix

* Update SECURITY.md

* Update SECURITY.md

* Update SECURITY.md

Co-authored-by: Paul D'Ambra &lt;paul.dambra@gmail.com&gt;

* Update SECURITY.md

mention the google group is private

* Update SECURITY.md

* Update SECURITY.md

formatting

---------

Co-authored-by: Yun Feng &lt;yun.feng0817@gmail.com&gt;
Co-authored-by: Paul D'Ambra &lt;paul.dambra@gmail.com&gt;
Co-authored-by: Eoghan Murray &lt;eoghan@getthere.ie&gt;
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,15 @@
+# Vulnerability Disclosure Policy
+
+This document outlines rrweb's vulnerability disclosure policy.
+
+## Reporting a Vulnerability
+
+Please do not report security vulnerabilities through public GitHub issues.
+Instead, please report them to our GitHub Security page. If you prefer to submit one without using GitHub, you can also email the
+private Google Group rrweb-security@googlegroups.com, which will go to the core team members only. We commit to acknowledging
+vulnerability reports and will work to fix active vulnerabilities as soon as we can (noting this is a community run project).
+
+We will publish resolved vulnerabilities as security advisories on our GitHub security page.
+
+We appreciate your help in making rrweb more secure for everyone.
+Thank you for your support and responsible disclosure.
