Add SECURITY.md.

Adds minimal security policy info to SECURITY.md. This allows Github to advertise the security policy doc for the repo. See: https://github.blog/changelog/2019-05-23-security-policy/ See: https://help.github.com/en/articles/adding-a-security-policy-to-your-repository PiperOrigin-RevId: 273214306
author: Ian Lewis <ianlewis@google.com> 2019-10-06 21:06:53 -0700
committer: gVisor bot <gvisor-bot@google.com> 2019-10-06 21:08:11 -0700
commit: 5ac2cc54918c480bd40ec3f05c9ce93a2d7afa99 (patch)
tree: 64c65dc49a8982b9357ea92a9398936081783042 /SECURITY.md
parent: f24c3188b5d57b370ff048c87420a7f56a48b5b8 (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..154d68cb3
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,11 @@
+# Security and Vulnerability Reporting
+
+Sensitive security-related questions, comments, and reports should be sent to
+the [gvisor-security mailing list][gvisor-security-list]. You should receive a
+prompt response, typically within 48 hours.
+
+Policies for security list access, vulnerability embargo, and vulnerability
+disclosure are outlined in the [community][community] repository.
+
+[community]: https://gvisor.googlesource.com/community
+[gvisor-security-list]: https://groups.google.com/forum/#!forum/gvisor-security
author	Ian Lewis <ianlewis@google.com>	2019-10-06 21:06:53 -0700
committer	gVisor bot <gvisor-bot@google.com>	2019-10-06 21:08:11 -0700
commit	5ac2cc54918c480bd40ec3f05c9ce93a2d7afa99 (patch)
tree	64c65dc49a8982b9357ea92a9398936081783042 /SECURITY.md
parent	f24c3188b5d57b370ff048c87420a7f56a48b5b8 (diff)