From a7db37363b65bce2156effc7b92d28d73e940797 Mon Sep 17 00:00:00 2001 From: Luciano Bello Date: Thu, 16 Feb 2023 17:26:57 +0100 Subject: [PATCH] Add SECURITY.md to document security policy (#9589) This commit adds a SECURITY.md file to the repository to document the security policy for the project. We recently enabled the private security advisories feature on the repository (which is a relatively new "beta" feature in github). Since we now have a place to privately raise potential security issues it is good to have a documented policy on how security vulnerabilities should be reported and our support policy for the versions we will fix (which is just the latest release series). Over time we can adjust this policy as needed. Co-authored-by: Eric Arellano <14852634+Eric-Arellano@users.noreply.github.com> Co-authored-by: Matthew Treinish --- SECURITY.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000000..68fb4be5845f --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,21 @@ +# Security Policy + +## Supported Versions + +Qiskit (and `qiskit-terra`) supports one minor version release at a time, both for bug and +security fixes. For example, if the most recent release is 0.12.1, then the 0.12.x +release series is currently supported. + +## Reporting a Vulnerability + +To report vulnerabilities, you can privately report a potential security issue +via the Github security vulnerabilities feature. This can be done here: + +https://github.com/Qiskit/qiskit-terra/security/advisories + +Please do **not** open a public issue about a potential security vulnerability. + +You can find more details on the security vulnerability feature in the Github +documentation here: + +https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability
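Review bot: In the "Supported Versions" section, the example "if the most recent release is 0.12.1" does not say whether that number is a Qiskit or a `qiskit-terra` version, although the sentence before it names both packages; state which package's release series defines the supported line so a reporter can tell whether their version is covered. In "Reporting a Vulnerability", the text stops at how to submit a report: consider adding what the reporter can expect afterwards (acknowledgement, how disclosure is coordinated) and an alternative private contact for anyone who cannot use the advisories feature, which the commit message itself describes as a beta feature. Style: "Github" should be "GitHub" in both places it appears in the new file.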