mirror of
https://github.com/ash-project/ash.git
synced 2024-09-20 13:33:20 +12:00
18 lines
1.3 KiB
Markdown
18 lines
1.3 KiB
Markdown
|
# Security Policy
|
||
|
|
||
|
[![OpenSSF Vulnerability Disclosure](https://img.shields.io/badge/OpenSSF-Vulnerability_Disclosure-green)](https://github.com/ossf/oss-vulnerability-guide/blob/main/finder-guide.md)
|
||
|
[![GitHub Report](https://img.shields.io/badge/GitHub-Security_Advisories-blue)](https://github.com/ash-project/ash/security/advisories/new)
|
||
|
[![Email Report](https://img.shields.io/badge/Email-security%40ash-hq.org-blue)](mailto:security@ash-hq.org)
|
||
|
|
||
|
This repository follows the [OpenSSF Vulnerability Disclosure guide](https://github.com/ossf/oss-vulnerability-guide/tree/main). You can learn more about it in the [Finders Guide](https://github.com/ossf/oss-vulnerability-guide/blob/main/finder-guide.md).
|
||
|
|
||
|
Please report vulnerabilities via the [GitHub Security Vulnerability Reporting](https://github.com/ash-project/ash/security/advisories/new)
|
||
|
or via email to [`security@ash-hq.org`](mailto:security@ash-hq.org) if this does not work for you.
|
||
|
|
||
|
Someone from the core team respond within 3 working days of your
|
||
|
report. If the issue is confirmed as a vulnerability, we will open a Security
|
||
|
Advisory. This project follows a 90 day disclosure timeline.
|
||
|
|
||
|
If you have questions about reporting security issues, email the vulnerability
|
||
|
management team: [`security@erlef.org`](mailto:security@erlef.org)
|