Merge pull request #259 from canonical/IAM-1084

nsklikas · web-flow · commit 903c38cdc053 · 2025-04-28T11:57:17.000+02:00
Add SECURITY.md
diff --git a/README.md b/README.md
@@ -66,11 +66,10 @@ The image used by this charm is hosted
 on [GitHub container registry](ghcr.io/canonical/identity-platform-login-ui) and
 maintained by Canonical Identity Team.
 
-### Security
+## Security
 
-Security issues in IAM stack can be reported
-through [LaunchPad](https://wiki.ubuntu.com/DebuggingSecurity#How%20to%20File).
-Please do not file GitHub issues about security issues.
+Please see [SECURITY.md](https://github.com/canonical/identity-platform-login-ui-operator/blob/main/SECURITY.md)
+for guidelines on reporting security issues.
 
 ## Contributing
 
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,6 @@
+# Security policy
+
+## Reporting a vulnerability
+To report a security issue, file a [Private Security Report](https://github.com/canonical/identity-platform-login-ui-operator/security/advisories/new) with a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue.
+
+The [Ubuntu Security disclosure and embargo policy](https://ubuntu.com/security/disclosure-policy) contains more information about what you can expect when you contact us and what we expect from you.
