Diffstat (limited to 'SECURITY.md')
-rw-r--r--SECURITY.md18
1 files changed, 15 insertions, 3 deletions
diff --git a/SECURITY.md b/SECURITY.md
index 5aece3648..b690909f3 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,5 +1,17 @@
-# Reporting a security issue
+# Security Policy
 
-If you would like to report something you believe to be a security issue, then please use feedback-crypto@bouncycastle.org.
+## Reporting a Vulnerability
 
-We can provide a PGP key if required.
+If you think that you have found a security vulnerability, please report it to this email address: [feedback-crypto@bouncycastle.org](mailto:feedback-crypto@bouncycastle.org)
+
+Describe the issue including all details, for example: 
+* Short summary of the problem
+* Steps to reproduce
+* Affected API versions
+* Logs if available 
+
+The Bouncy Castle team will send a response indicating the next steps in handling your report. You may be asked to provide additional information or guidance. 
+
+If the issue is confirmed as a vulnerability, we will open a Security Advisory and acknowledge your contributions as part of it. Optionally, you can have your name and contact information listed in [Contributors](https://www.bouncycastle.org/contributors.html) as well. 
+
+Please note we endeavor to issue patched releases that deal with security issues as soon as they are made known to us, ideally prior to issuing a Security Advisory where otherwise possible. In some cases, particularly if it relates to a FIPS release, delays due to external processes may delay the issuing of a Security Advisory.
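Review bot: the hunk drops the "We can provide a PGP key if required." line from the old policy without replacing it, so the new text asks reporters to send a full write-up (summary, steps to reproduce, affected versions, logs) to feedback-crypto@bouncycastle.org over plain e-mail with no stated way to encrypt it. Suggest restoring that sentence under "Reporting a Vulnerability", e.g. "If you would like to encrypt your report, a PGP key is available on request." Also, several added lines carry trailing whitespace ("Describe the issue including all details, for example: ", "* Logs if available ", and the two paragraphs ending "guidance. " and "as well. "); strip it before merging.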