stackhpc · axelsimon · Apr 11, 2025 · Apr 11, 2025 · Jun 2, 2025
@@ -1 +1,3 @@
-# .github
+# .github
+
+StackHPC Github org-wide defaults and files.
@@ -0,0 +1,32 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+Thank you for taking the time to improve StackHPC open sourcec projects.
+
+We take security issues seriously and appreciate your time and efforts in making 
+our open source projects safer through coordinated vulnerability disclosure.
+
+If you believe you have found a security vulnerability in this repository,
+please use the built-in **"Report a vulnerability"** feature to notify us privately:
+1. Navigate to the **Security** tab at the top of this repository.
+2. Click on the **"Report a vulnerability"** button.
+3. Fill out the form with details about the vulnerability and submit it.
+
+This ensures that only repository maintainers and authorized personnel can view the report.
+
+### What to Include in Your Report
+To help us address the issue effectively, please include:
+- A clear and detailed description of the vulnerability.
+- Steps to reproduce the issue.
+- Any potential impact of the vulnerability.
+- Suggestions for mitigation, if possible.
+
+### Response Time
+We are committed to investigating and responding to reported vulnerabilities promptly. 
+You can expect:
+- An acknowledgment of your report within 48 hours.
+- Updates as we progress on resolving the issue.
+- Notification when the issue is resolved.
+
+Again, thank you for helping us keep our projects as secure as possible.