Merge pull request #10 from mobilecoinofficial/feature/security-policy

add security policy
mobilecoinofficial · Feb 22, 2023 · e3c7101 · e3c7101
2 parents 47752c1 + b2b9fc4
commit e3c7101
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -8,3 +8,5 @@ bin/
 .direv/
 .direnv/
 *.tgz
+
+*~
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,23 @@
+# Security Audits and Analyses
+
+We greatly welcome security audits and analysis of our projects.
+
+We are happy to work with you in assessing potential issues and in
+developing effective secure solutions.
+
+Should you find anything of concern, please feel free to email us at
+[security@mobilecoin.com](mailto:security@mobilecoin.com). We
+appreciate responsible disclosure and are happy to collaborate on
+timed announcements to credit you for your research discovery.
+
+## Out of Scope
+
+Anything in `/vendor` is out-of-scope from our perspective, although
+we are happy to help coodinate talking to the respective parties in
+control of upstream maintenance of works and/or libraries which we
+depend upon.
+
+Also out-of-scope is hardware security issues with particular devices.
+For example, should a certain chipset utilised by a vendor be subject
+to timing attacks, fault injection attacks, etc., this is not within
+scope.
-Original file line number
+Diff line change
@@ Expand Up / @@ -8,3 +8,5 @@ bin/ @@
     .direv/
     .direnv/
     *.tgz
+    *~