Add security policy (#12687)

* Add security policy Currently is hard to find where to report security issues, the only mention of it is in the issue template. https://github.com/vim/vim/blob/4c0089d696b8d1d5dc40568f25ea5738fa5bbffb/.github/ISSUE_TEMPLATE/bug_report.yml?plain=1#L12-L15 Adding a SECURITY.md file will make it easier to find, it will be displayed in https://github.com/vim/vim/security. * Mention that reports are private
author: Santos Gallegos <stsewd@proton.me> 2023-08-09 13:11:37 -0500
committer: GitHub <noreply@github.com> 2023-08-09 20:11:37 +0200
commit: 6ec7808c4a469d1fe22101f75e4d9abc269823a6 (patch)
tree: 612b989718d3025a131299b86eb27fb68717f535 /SECURITY.md
parent: c41b3c9f95ac57646804977edea496705618cc93 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000000..7d9c77d275
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,8 @@
+# Security Policy
+
+## Reporting a vulnerability
+
+If you want to report a security issue, please use [huntr.dev](https://huntr.dev/bounties/disclose?target=https%3A%2F%2Fgithub.com%2Fvim%2Fvim) to privately disclose the issue to us.
+They also have rewards in the form of money, swag and CVEs.
+
+**Please don't publicly disclose the issue until it has been addressed by us.**
author	Santos Gallegos <stsewd@proton.me>	2023-08-09 13:11:37 -0500
committer	GitHub <noreply@github.com>	2023-08-09 20:11:37 +0200
commit	6ec7808c4a469d1fe22101f75e4d9abc269823a6 (patch)
tree	612b989718d3025a131299b86eb27fb68717f535 /SECURITY.md
parent	c41b3c9f95ac57646804977edea496705618cc93 (diff)