Add SECURITY.md

pbe-axelor · pbe-axelor · commit 3b5059c091c0 · 2023-04-05T10:35:06.000+02:00
Signed-off-by: Pierre Belloy &lt;p.belloy@axelor.com&gt;
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -14,6 +14,10 @@ there are a few guidelines we’d like you to follow:
 By submitting code as an individual you agree to the [individual contributor license agreement][individual-cla].
 By submitting code as an entity you agree to the [corporate contributor license agreement][corporate-cla].
 
+## Security issues
+
+If you believe you've found a security vulnerability, please read our [security policy](SECURITY.md) for more details.
+
 ## Reporting Issues
 
 Before you submit your issue search the archive, maybe your question was already answered.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,18 @@
+# Reporting security issues
+
+To report a security vulnerability, please send a report to [security@axelor.com](mailto:security@axelor.com). 
+
+This address can be used for all of Axelor's products. Do not report non-security-impacting bugs through this channel.
+
+Provide a descriptive title and in the description of the report, include the following information :
+
+- Detailed steps to reproduce the vulnerability (POC scripts, screenshots, and logs are all helpful).
+- Description of the effects of the vulnerability.
+- How the vulnerability affects the project usage.
+- The affected versions.
+
+While submitting, please remove or obfuscate any private data.
+
+After it has been submitted, the Security Team will investigate the vulnerability, determine its effects and 
+criticality and notify to the reporter.
+
