NAME
    Software::Security::Policy - packages that provide templated Security
    Policys

VERSION
    version 0.08

SYNOPSIS
      use strict;
      use warnings;

      use Software::Security::Policy::Individual;

      my $policy = Software::Security::Policy::Individual->new({
        maintainer  => 'Timothy Legge <[email protected]>',
        program     => 'Software::Security::Policy',
        timeframe   => '7 days',
        url         => 'https://github.com/CPAN-Security/Software-Security-Policy/blob/main/SECURITY.md',
        perl_support_years   => '10',
      });

      print $policy->fulltext, "\n";

DESCRIPTION
    This is a framework for generating a SECURITY.md file to your Perl
    distributions that will let people know:

    1. How to contact the maintainers if they find a security issue with
    your software
    2. What software will be supported for security issues

    The contact point is very important for modules that have been around
    for a long time and have had several authors over the years. When there
    is a long list of maintainers, it's not clear who to contact.

    You don't want people reporting security vulnerabilities in public on
    the RT or GitHub issues for your project, nor do you want a post on IRC,
    Reddit or social media about it.

    If your software is on GitHub, you can set up private vulnerability
    <https://docs.github.com/en/code-security/security-advisories/working-wi
    th-repository-security-advisories/configuring-private-vulnerability-repo
    rting-for-a-repository> reporting. GitLab has a similar system.

    Otherwise, a single email address is acceptable. An alias that forwards
    to all of the maintainers or at the very least, a single maintainer who
    has agreed to that role will work.

    It's also important to realise as a maintainer that you are not on your
    own when you receive a vulnerability report. You are welcome and even
    encouraged to reach out to CPANSec for assistance triaging and fixing
    the issue, as well as handling notifications and reporting.

    The supported software version may seem obvious, but it's important to
    spell out: will you be updating only the latest version? What versions
    of Perl will you support? If your module uses or embeds other libraries,
    how will they be supported?

ATTRIBUTES
  program
    the name of software for use in the middle of a sentence

  Program
    the name of software for use in the beginning of a sentence

    "program" and "Program" arguments may be specified both, either one or
    none. Each argument, if not specified, is defaulted to another one, or
    to properly capitalized "this program", if both arguments are omitted.

METHODS
  summary
    This method returns a snippet of text, usually a few lines, indicating
    the maintainer as well as an indication of the policy under which the
    software is maintained.

  security_policy
    This method returns the full text of the policy.

  fulltext
    This method returns the complete text of the policy (summary and
    policy).

  name
    This method returns the name of the policy, suitable for shoving in the
    middle of a sentence, generally with a leading capitalized "The."

  version
    This method returns the version of the policy. If the security policy is
    not versioned, this method will return undef.

SEE ALSO
    The specific policy:

    Extra policys are maintained on CPAN in separate modules.

AUTHOR
    Timothy Legge <[email protected]>

COPYRIGHT AND LICENSE
    This software is copyright (c) 2025 by Timothy Legge
    <[email protected]>.

    This is free software; you can redistribute it and/or modify it under
    the same terms as the Perl 5 programming language system itself.