Add a security policy

Hey, it's Pedro and I'm back (see #177) with another security suggestion!

A security policy (SECURITY.md) is a simple document that explains how the project wishes to receive and handle responsible disclosure of potential vulnerabilities. [GitHub recommends](https://docs.github.com/en/code-security/getting-started/securing-your-repository#setting-a-security-policy) that projects have one.

The security policy can be found by users who enter the project's "Security" panel. Having a policy file also adds a reference to it in the "New issue" page.

There are two main ways to receive such disclosures:
- register an email or website available to receive such reports; and/or
- use [GitHub's private vulnerability reporting](https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository) feature (in beta)

If you want to use GitHub's reporting system, it must be activated for the repository:
1. Open the repo's settings
2. Click on [Code security & analysis](https://github.com/go-logr/logr/settings/security_analysis)
3. Click "Enable" for "Private vulnerability reporting (Beta)"

I'll send a PR with a draft policy along with this issue. You could also create a https://github.com/go-logr/.github repository and add the policy there, in which case the policy will be available in all of the org's projects.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add a security policy #179

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development