Merge pull request #151 from IviFoundation/users/abarreto/security

SSDF page (security.md)

Author: alejandro5042

site/About-the-Foundation/security-reporting.md

@@ -0,0 +1,41 @@
+---
+layout: default
+parent: About
+title: Security Reporting
+nav_order: 7
+---
+
+# Reporting a Security Issue
+
+The IVI Foundation is committed to providing secure software to its users. We take security seriously and appreciate the efforts of users and security researchers to help us improve the security of our software.
+
+We encourage the community to report any vulnerabilities they may discover and participate in their resolution.
+
+## Responsible Disclosure
+
+To report security issues, contact us at:
+
+<[email protected]>
+
+Please include the following information in your report:
+
+1. A clear description of the issue and steps to reproduce it
+2. Name and version of the software with the security issue
+3. Name and version of the operating system in use
+4. Name and version of any security tools used to discover this issue (if any)
+
+Your report is private and we will not disclose your identity without consent.
+
+When we receive a report, we shall:
+
+1. Confirm the receipt of the report; typically within a business day
+2. Assign a person to investigate the issue
+3. Provide an estimated time frame for the resolution of the issue (typically within 30 days)
+4. Keep you informed on the progress of the investigation
+5. Work with you to coordinate releasing updated components that minimizes the risk to our users
+
+If you desire, we will acknowledge your role in finding and resolving the issue in any public discloure.
+
+## Getting Help
+
+For security-related inquiries, please email us at <[email protected]>.