From 462fcb3234ae567fa994c6827ce57966f8381d3b Mon Sep 17 00:00:00 2001 From: Joyce Date: Mon, 20 Mar 2023 15:46:42 -0300 Subject: [PATCH 1/2] Create SECURITY.md Signed-off-by: Joyce --- SECURITY.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000000..d0a79a1792 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,5 @@ +# Security Policy + +To report a security issue, please disclose it at [security advisory](https://github.com/java-native-access/jna/security/advisories/new). + +We will respond within 7 working days of your submission. If the issue is confirmed as a vulnerability, we will open a Security Advisory and acknowledge your contributions as part of it. This project follows a 90 day disclosure timeline. From b5289039f4bc459ddd6cb299c8fa854fa7446c40 Mon Sep 17 00:00:00 2001 From: Joyce Date: Fri, 24 Mar 2023 09:45:36 -0300 Subject: [PATCH 2/2] Update SECURITY.md to use tidelift Signed-off-by: Joyce --- SECURITY.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index d0a79a1792..bb91312cc0 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,5 +1,9 @@ # Security Policy -To report a security issue, please disclose it at [security advisory](https://github.com/java-native-access/jna/security/advisories/new). +## Supported Versions -We will respond within 7 working days of your submission. If the issue is confirmed as a vulnerability, we will open a Security Advisory and acknowledge your contributions as part of it. This project follows a 90 day disclosure timeline. +Security updates are applied only to the latest release. + +## Reporting a Vulnerability + +Tidelift acts as the security contact for this open-source project. To make a report, please email the security team at [security@tidelift.com](mailto:security@tidelift.com). Please do not create a public GitHub issue. See [tidelift.com/security](https://tidelift.com/security) for details and more options.