Merge pull request #2352 from authzed/security-md

miparnisari · web-flow · commit 3566ae01df95 · 2025-04-23T18:25:02.000Z
add security policy
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,5 @@
+# Security Policy
+
+All AuthZed products operate under a security embargo program. This means that vulnerabilities are privately reported, analyzed for applicability, notice is given, and a resolution is created and distributed. The issue is only made public once those affected in the embargo program have enough time to address the issue or have accepted the risks.
+
+If you discover a vulnerability, avoid posting it publicly. Please report it by sending an email to <security@authzed.com>. For more details on how to report, see <https://authzed.com/docs/authzed/concepts/security-embargo>

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +# Security Policy
++
 +All AuthZed products operate under a security embargo program. This means that vulnerabilities are privately reported, analyzed for applicability, notice is given, and a resolution is created and distributed. The issue is only made public once those affected in the embargo program have enough time to address the issue or have accepted the risks.
++
 +If you discover a vulnerability, avoid posting it publicly. Please report it by sending an email to <[email protected]>. For more details on how to report, see <https://authzed.com/docs/authzed/concepts/security-embargo>