Create SECURITY.md

author: Tobias Kaminsky <tobias@kaminsky.me> 2021-06-14 12:52:33 +0300
committer: GitHub <noreply@github.com> 2021-06-14 12:52:33 +0300
commit: 2e98dcd11dd264a0f5d370495eca829f97b84d18 (patch)
tree: 8a048c05bcaccb9bb4e298587833bafbf2f1ddcb /SECURITY.md
parent: 830bc3703caa833e350ec36b206ea1a638afb532 (diff)
1 files changed, 24 insertions, 0 deletions
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000000..276e201397
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,24 @@
+# Security Policy
+
+## Supported Versions
+
+Only the latest version is supported. We release every second month a feature release (currently 3.x) and inbetween a bug fix release (3.x.y).
+
+## Reporting a Vulnerability
+
+Security is very important to us. If you have discovered a security issue with Nextcloud,
+please read our responsible disclosure guidelines and contact us at [hackerone.com/nextcloud](https://hackerone.com/nextcloud).
+Your report should include:
+
+- Product version
+- A vulnerability description
+- Reproduction steps
+
+A member of the security team will confirm the vulnerability, determine its impact, and develop a fix.
+The fix will be applied to the master branch, tested, and packaged in the next bug fix release.
+The vulnerability will be publicly announced after the release. Finally, your name will be added
+to the [hall of fame](https://hackerone.com/nextcloud/thanks) as a thank you from the entire Nextcloud community. Note our 
+[threat model](https://nextcloud.com/security/threat-model) to know what is expected behavior.
+
+
+Please visit https://nextcloud.com/security/ for further information about security.
author	Tobias Kaminsky <tobias@kaminsky.me>	2021-06-14 12:52:33 +0300
committer	GitHub <noreply@github.com>	2021-06-14 12:52:33 +0300
commit	2e98dcd11dd264a0f5d370495eca829f97b84d18 (patch)
tree	8a048c05bcaccb9bb4e298587833bafbf2f1ddcb /SECURITY.md
parent	830bc3703caa833e350ec36b206ea1a638afb532 (diff)