Skip to content
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 23 additions & 0 deletions .github/SECURITY.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
# Security Policy

Python Security Response Team (PSRT) members balance security work against many
other responsibilities. Please be thoughtful about the time and attention your
report requires. Repeated failure to respect this will result in future reports
being rejected, or the reporter being banned from the `python` GitHub organization,
regardless of technical merit.

## Reporting a Vulnerability

Submit a vulnerability report using GitHub Security Advisories.

Reports should be a few sentences describing the vulnerability. Ideally include
a proof-of-concept script that reproduces the issue and provides a clear
indication of whether the vulnerability is still present. Reports must be
plain-text only, including attachments. No PDFs, binaries, notebooks, or other
files that cannot be safely reviewed. If your proof-of-concept depends on a
specially constructed binary file, please include a script to construct it
rather than the file itself. Ideally, include a minimal patch with the mitigation
for the report.

Reports that do not contain a potential security vulnerability (such as spam or
requesting compliance or due-diligence work) will be discarded without a reply.