docs: add SECURITY.md (#465)

Signed-off-by: Diana Lau <dhmlau@ca.ibm.com>
2022-03-29 11:29:15 -04:00 · 2022-03-29 11:29:15 -04:00 · f8f40a1199
parent e14c26e9cf
commit f8f40a1199
1 changed files with 19 additions and 0 deletions
--- a/SECURITY.md
+++ b/SECURITY.md
@ -0,0 +1,19 @@
+# Security Policy
+
+## Security advisories
+
+Security advisories can be found on the
+[LoopBack website](https://loopback.io/doc/en/sec/index.html).
+
+## Reporting a vulnerability
+
+If you think you have discovered a new security issue with any LoopBack package,
+**please do not report it on GitHub**. Instead, send an email to
+[security@loopback.io](mailto:security@loopback.io) with the following details:
+
+- Full description of the vulnerability.
+- Steps to reproduce the issue.
+- Possible solutions.
+
+If you are sending us any logs as part of the report, then make sure to redact
+any sensitive data from them.