From 7f7d0feb3090476ebab260f62369ffe3aed14bb5 Mon Sep 17 00:00:00 2001 From: John Jediny Date: Fri, 16 Feb 2024 11:38:20 -0500 Subject: [PATCH] Create SECURITY.md --- SECURITY.md | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..effd2b218 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,32 @@ +# Security Policy + +As a U.S. Government agency, the General Services Administration (GSA) takes +seriously our responsibility to protect the public's information, including +financial and personal information, from unwarranted disclosure. + +## Reporting a Vulnerability + +Services operated by the U.S. General Services Administration (GSA) +are covered by the **GSA Vulnerability Disclosure Program (VDP)**. + +See the [GSA Vulnerability Disclosure Policy](https://gsa.gov/vulnerability-disclosure-policy) +at for details including: + +* How to submit a report if you believe you have discovered a vulnerability. +* Bug bounty scope. +* GSA's coordinated disclosure policy. +* Information on how you may conduct security research on GSA developed + software and systems. +* Important legal and policy guidance. + +## Supported Versions + +Please note that only certain branches are supported with security updates. + +| Version (Branch) | Supported | +| ---------------- | ------------------ | +| main | :white_check_mark: | +| other | :x: | + +When using this code or reporting vulnerabilities please only use supported +versions.