Security Vulnerability Reporting

2023-10-30 12:29:40 -07:00 · 2023-10-30 12:29:40 -07:00 · a29b07fa73
parent 39fbfd8e0c
commit a29b07fa73
1 changed files with 25 additions and 0 deletions
--- a/SECURITY.md
+++ b/SECURITY.md
@ -0,0 +1,25 @@
+# Security Policy
+
+## Supported Versions
+
+The following is a list of versions the development team is currently supporting.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.4.x   | :white_check_mark: |
+| 1.3.3   | :white_check_mark: |
+| < 1.3   | :x:                |
+
+## Reporting a Vulnerability
+
+We currently only receive security vulnerability reports through GitHub.
+
+To begin a report, please go to the top-level repository, for example, PX4/PX4-Autopilot,
+and click on the Security tab. If you are on mobile, click the ... dropdown menu, and then click Security.
+
+Click Report a Vulnerability to open the advisory form. Fill in the advisory details form.
+Make sure your title is descriptive, and the development team can find all of the relevant details needed
+to verify on the description box. We recommend you add as much data as possible. We welcome logs,
+screenshots, photos, and videos, anything that can help us verify and identify the issues being reported.
+
+At the bottom of the form, click Submit report. The maintainer team will be notified and will get back to you ASAP.