Kokkos Kernels: initial security policy (#2220)

We state were patches will be made and how to report security vulnerabilities to the project.
kokkos · May 29, 2024 · ee70433 · ee70433
1 parent 726375a
commit ee70433
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/.github/SECURITY.md b/.github/SECURITY.md
@@ -0,0 +1,14 @@
+# Security Policy
+
+## Supported Versions
+
+Kokkos Kernels will issue vulnerability fixes in the develop branch of the project repository.
+Typically a patch release will be issued shortly after a vulnerability is detected and fixed.
+The project does not typically issue patch releases for older versions and if it happens, announcements will be made on our website and/or slack channel.
+
+## Reporting a Vulnerability
+
+To report a security issue, please email [email protected] and [email protected] with a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue.
+Our vulnerability management team will respond within 5 working days of your email.
+If the issue is confirmed as a vulnerability, we will open a Security Advisory.
+This project follows a 90 day disclosure timeline.