Create SECURITY.md

ibakshay · web-flow · commit fb42c78b46c3 · 2021-01-12T19:44:19.000+05:30
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,18 @@
+# Security Vulnerabilities
+
+The CLA Assistant is built with security and data privacy in mind to ensure your data is safe.
+
+## Reporting
+
+We are grateful for security researchers and users reporting a vulnerability to us, first. To ensure that your request is handled in a timely manner and non-disclosure of vulnerabilities can be assured, please follow the below guideline.
+
+**Please do not report security vulnerabilities directly on GitHub. GitHub Issues can be publicly seen and therefore would result in a direct disclosure.**
+
+For reporting a vulnerability, please use the Vulnerability Report Form for Security Researchers on [SAP Trust Center](https://www.sap.com/about/trust-center/security/incident-management.html).
+Please address questions about data privacy, security concepts, and other media requests using the Vulnerability Report Form for Security Researchers on SAP Trust Center.
+
+
+
+## Disclosure Handling
+
+SAP is committed to timely review and respond to your request. The resolution of code defects will be handled by a dedicated group of security experts and prepared in a private GitHub repository. The project will inform the public about resolved security vulnerabilities via GitHub Security Advisories.
