Create SECURITY.md

1886841e · snipe · GitHub · b037d0ef · 1886841e
Unverified Commit 1886841e authored 4 years ago by snipe Committed by GitHub 4 years ago
--- a/SECURITY.md
+++ b/SECURITY.md
+# Security Policy
+
+We take security issues very seriously, and will always attempt to address any 
+vulnerabilities as quickly as possible. 
+
+## Supported Versions
+
+We try to make a reasonable effort to support older versions of Snipe-IT, 
+however there are times when library dependencies and/or PHP/MySQL dependencies 
+make it impossible to backport security fixes on older versions. 
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 5.1.x   | :white_check_mark: |
+| 5.0.x   | :x:                |
+| 4.0.x   | :white_check_mark: |
+| < 4.0   | :x:                |
+
+## Reporting a Vulnerability
+
+Security vulnerabilities should be sent to security@snipeitapp.com. You can typically expect a 
+response within two business days, and we typically have fixes out in under a week from the initial disclosure.
+
+This obviously varies based on the severity of the  security issue and the difficulty in remediation, 
+but those have historically been the timelines we worm around.
+
+For a full breakdown of our security policies, please see https://snipeitapp.com/security.