SECURITY.md

README.md

@@ -1 +1,3 @@
-# .github
+# .github
+
+StackHPC Github org-wide defaults and files.

SECURITY.md

@@ -0,0 +1,27 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+Thank you for taking the time to improve StackHPC open source projects.
+
+We take security issues seriously and appreciate your time and efforts in making
+our code safer through coordinated vulnerability disclosure.
+
+If you believe you have found a security vulnerability in any StackHPC repository,
+please use email [email protected] to notify us privately.
+
+### What to Include in Your Report
+To help us address the issue effectively, please include:
+- A clear and detailed description of the vulnerability.
+- Steps to reproduce the issue.
+- Any potential impact of the vulnerability.
+- Suggestions for mitigation, if possible.
+
+### Response Time
+We are committed to investigating and responding to reported vulnerabilities promptly.
+You can expect:
+- An acknowledgment of your report within 48 hours.
+- Updates as we progress on resolving the issue.
+- Notification when the issue is resolved.
+
+Thank you for helping us keep open source as secure as possible.