Create security policy in SECURITY.md

Currently tells folks just to email me or MusikAnimal
NovemLinguae · Jan 11, 2020 · a225a5f · a225a5f
1 parent 3035c12
commit a225a5f
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 1 deletion.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -19,6 +19,8 @@ A good bug report will include:
 - What you think *should* have happened.
 - Anything you can find in your [browser's console window][jserrors].
 
+If you believe you have found a security issue, follow the guidelines in [SECURITY.md](./SECURITY.md).
+
 ## Contributing a pull request
 ### Getting started
 

diff --git a/README.md b/README.md
@@ -8,7 +8,7 @@ See [Wikipedia:Twinkle][] on the English Wikipedia for more information.
 
 ## How to file a bug report or feature request
 
-If you're unsure whether you are experiencing a Twinkle-based bug, you should first try asking at [Wikipedia talk:Twinkle][], where other editors may assist you.  Bugs may be filed either here or at [Wikipedia talk:Twinkle][].  For simple feature requests or changes (e.g., a template was deleted or renamed) feel free to open an issue or pull request here, but for more significant changes, consider discussing the idea on [Wikipedia talk:Twinkle][] and any relevant pages first to ensure there is consensus for the change and to get broader community input.
+If you're unsure whether you are experiencing a Twinkle-based bug, you should first try asking at [Wikipedia talk:Twinkle][], where other editors may assist you.  Bugs may be filed either here or at [Wikipedia talk:Twinkle][].  For simple feature requests or changes (e.g., a template was deleted or renamed) feel free to open an issue or pull request here, but for more significant changes, consider discussing the idea on [Wikipedia talk:Twinkle][] and any relevant pages first to ensure there is consensus for the change and to get broader community input.  If you believe you have found a security issue, follow the guidelines in [SECURITY.md](./SECURITY.md).
 
 If you'd like to start contributing, awesome!  Check out [CONTRIBUTING.md](CONTRIBUTING.md) to get started!
 

diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,12 @@
+# Reporting a security issue
+
+Although rare, we take security bugs in Twinkle seriously.
+
+If you believe you have found a security issue, please **privately** contact one or both of the currently-active maintainers:
+
+* @Amorymeltzer: [Email](https://en.wikipedia.org/wiki/Special:EmailUser/Amorymeltzer)
+* @MusikAnimal: [Email](https://en.wikipedia.org/wiki/Special:EmailUser/MusikAnimal)
+
+Please include "Twinkle Security" in the subject line and include as much information in the body as you are capable of providing.  We will respond as quickly as we are able with further steps.
+
+If one of use doesn't respond in a timely fashion, you can try to [contact another interface-admin](https://en.wikipedia.org/wiki/Special:ActiveUsers?groups=interface-admin&excludegroups=bot) with the same information.