Create SECURITY.md (#1909)

colorful-tones · web-flow · commit 8570324a91a4 · 2024-11-15T17:08:25.000-05:00
Providing a clear security policy ensures that the community will know how to report a vulnerability should they find one, which also signals trust in our codebase and standards. https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,37 @@
+# Security Policy
+
+## Supported Versions
+
+The following versions of this project are currently being supported with security updates.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.3.1   | :white_check_mark: |
+| <1.3.0  | :x:                |
+
+WP Engine takes the security of our software and services seriously, including all
+of the open-source code repositories managed through our
+[WP Engine organization](https://github.com/wpengine).
+
+## Reporting Security Issues
+
+If you believe you have found a security vulnerability in any Alley-owned
+repository, please report it to us via email at opensource@wpengine.com.
+
+**Please do not report security vulnerabilities through public GitHub issues,
+discussions, or pull requests.**
+
+Please include as much of the information listed below as you can to help us
+better understand and resolve the issue:
+
+- The type of issue (e.g., buffer overflow, SQL injection, or cross-site
+  scripting).
+- Full paths of the source file(s) related to the manifestation of the issue.
+- The location of the affected source code (tag/branch/commit or direct URL).
+- Any special configuration required to reproduce the issue.
+- Step-by-step instructions to reproduce the issue.
+- Proof-of-concept or exploit code (if possible).
+- Impact of the issue, including how an attacker might exploit the issue.
+
+This information will help us triage your report more quickly. Thank you for
+helping us keep WP Engine and our users safe!
