Merge pull request #386 from kate-goldenring/securitymd

kate-goldenring · web-flow · commit f7615620115c · 2025-04-03T11:18:59.000-07:00
chore: add a security policy
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,11 @@
+# Security
+
+## Reporting a Vulnerability
+
+The Spin Framework team and community take security vulnerabilities very seriously. If you find a security related issue with Spin Operator, we kindly ask you to report it [through the GitHub project](https://github.com/spinframework/spin-operator/security). All reports will be thoroughly investigated by the Spin Framework maintainers.
+
+## Disclosure
+
+We will disclose any security vulnerabilities in our [Security Advisories](https://github.com/spinframework/spin-operator/security/advisories).
+
+All vulnerabilities and associated information will be treated with full confidentiality. We are thankful for your efforts in keeping the Spin Operator secure, and we will publicly acknowledge your contributions if you wish.
