resolves #1438: Add SECURITY.md (#1440)

achantavy · web-flow · commit 7aef4fe67244 · 2025-01-16T15:19:39.000-05:00
### Summary > Describe your changes. Adds a security policy. ### Related issues or links > Include links to relevant issues or other pages. - #1438 Credit to https://github.com/falcosecurity/falco/security where I plagiarized the text from. I think it accomplishes what we need it to without introducing heavyweight process that we aren't ready for. Signed-off-by: Alex Chantavy <chantavy@gmail.com>
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,12 @@
+# Security Policy
+Cartography is a security tool, and its community of course takes security very seriously.
+
+We appreciate your efforts to disclose your findings responsibly and will make every effort to acknowledge your contributions.
+
+## Supported versions
+Security updates will typically only be applied to the latest release (at least until Cartography reaches the first stable major version).
+
+## Reporting a vulnerability
+To report a security issue, email cncf-cartography-maintainers@lists.cncf.io and include the word "SECURITY" in the subject line.
+
+Maintainers will send a response indicating the next steps in handling your report. After the initial reply to your report, we will keep you informed of the progress towards a fix and full announcement and may ask for additional information or guidance.
