Merge pull request electron#8540 from electron/SECURITY.md

kevinsawicki · web-flow · commit 5e78330c6d15 · 2017-02-10T13:27:50.000-08:00
Add SECURITY.md
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,9 @@
+# Reporting Security Issues
+
+The Electron team and community take security bugs in Electron seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.
+
+To report a security issue, email [electron@github.com](mailto:electron@github.com) and include the word "SECURITY" in the subject line.
+
+The Electron team will send a response indicating the next steps in handling your report. After the initial reply to your report, the security team will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.
+
+Report security bugs in third-party modules to the person or team maintaining the module. You can also report a vulnerability through the [Node Security Project](https://nodesecurity.io/report).
diff --git a/docs/tutorial/security.md b/docs/tutorial/security.md
@@ -20,6 +20,11 @@ display primarily local content (or trusted, secure remote content without Node
 integration) – if your application executes code from an online source, it is
 your responsibility to ensure that the code is not malicious.
 
+## Reporting Security Issues
+
+For information on how to properly disclose an Electron vulnerability,
+see [SECURITY.md](https://github.com/electron/electron/tree/master/SECURITY.md)
+
 ## Chromium Security Issues and Upgrades
 
 While Electron strives to support new versions of Chromium as soon as possible,
