[irods#7618] Document process for reporting security vulnerabilities.

korydraughn · Apr 1, 2024 · 09230e3 · 09230e3
1 parent f36e099
commit 09230e3
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -31,6 +31,10 @@ Funders have included DARPA, NSF, DOD, DOE, LC, NARA, NASA, NOAA, USPTO, and LLN
 
 iRODS is released under a 3-clause BSD License.
 
+## Reporting Security Vulnerabilities
+
+See [SECURITY.md](SECURITY.md) for details.
+
 ## Links to elsewhere...
 
  - [https://github.com/irods](https://github.com/irods)

diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,5 @@
+# Reporting Security Vulnerabilities
+
+The iRODS Consortium takes security very seriously. If you feel you've discovered a vulnerability, please send an email to [[email protected]](mailto:[email protected]).
+
+The iRODS Consortium and the community greatly appreciate you taking the time to submit your findings.