libfabric/SECURITY.md: Add a SECURITY.md file

This commit adds a SECURITY.md file. Information about how to report a security vulnerability in libfabric project/source code is mentioned in the file. This will also help in improving the OSSF score. Signed-off-by: Juee Himalbhai Desai <[email protected]>
ofiwg · Mar 11, 2024 · feae05f · feae05f
1 parent 9be500e
commit feae05f
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,10 @@
+# Reporting Security Issues
+
+The libfabric team and community take security bugs in libfabric seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.
+
+To report a security issue, please use the GitHub Security Advisory ["Report a Vulnerability"](https://github.com/ofiwg/libfabric/security) tab.
+
+The libfabric team will send a response indicating the next steps in handling your report. After the initial reply to your report, the security team will keep you informed of the progress towards a fix, and may ask for additional information or guidance.
+
+Report security bugs in third-party modules to the team maintaining the module.
+