#1110 add security.md

TheHive-Project · Jul 7, 2022 · da9c0e7 · da9c0e7
1 parent 7158c4a
commit da9c0e7
Showing 1 changed file with 31 additions and 0 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,31 @@
+# StrangeBee Security Policies
+
+At [StrangeBee](https://www.strangebee.com) we take the security our software and services seriously, including following applications and projects:
+
+- TheHive (TheHive 5, and [previous open source version](https://github.com/TheHive-Project/TheHive))
+- [Cortex](https://github.com/TheHive-Project/Cortex)
+- [Cortex-Analyzers](https://github.com/TheHive-Project/Cortex-Analyzers)
+
+## Reporting a vulnerability
+
+If you believe you have found a security vulnerability in our applications and services (TheHive, Cortex, Cortex-Analyzers ...), report it to us.
+
+**Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.**
+
+Instead, please send security vulnerabilities by emailing the StrangeBee Security team:
+
+```
+security[@]strangebee[.]com
+```
+
+In this email, please include as much information as possible that can help us better understand and resolve the issue:
+
+- Application and version
+- Special configuration and usage required to reproduce the issue
+- Step-by-step instructions to reproduce the issue
+- Exploit code is any
+- Impact of the issue
+
+This will be very useful and help us triage your report more quickly.
+
+Please review our [Responsible Vulnerability Disclosure policy](https://github.com/Security/Policies/Vulnerability%20Disclosure%20policy.md) for more information.