Add security policy (lensapp#2387)

jakolehm · web-flow · commit 0765bcee9cd8 · 2021-03-25T17:19:45.000+02:00
* add security policy

Signed-off-by: Jari Kolehmainen &lt;jari.kolehmainen@gmail.com&gt;

* tweak

Signed-off-by: Jari Kolehmainen &lt;jari.kolehmainen@gmail.com&gt;
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,9 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+Team Lens encourages users who become aware of a security vulnerability in Lens to contact Team Lens with details of the vulnerability. Team Lens has established an email address that should be used for reporting a vulnerability. Please send descriptions of any vulnerabilities found to security@k8slens.dev. Please include details on the software and hardware configuration of your system so that we can duplicate the issue being reported.
+
+Team Lens hopes that users encountering a new vulnerability will contact us privately as it is in the best interests of our users that Team Lens has an opportunity to investigate and confirm a suspected vulnerability before it becomes public knowledge.
+
+In the case of vulnerabilities found in third-party software components used in Lens, please also notify Team Lens as described above.
