Skip to content

Commit

Permalink
Add SECURITY.md
Browse files Browse the repository at this point in the history
  • Loading branch information
mogul committed May 6, 2024
1 parent 41e5d7c commit 7587337
Showing 1 changed file with 45 additions and 0 deletions.
45 changes: 45 additions & 0 deletions SECURITY.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
# Security Policy

As a U.S. Government agency, the General Services Administration (GSA) takes
seriously our responsibility to protect the public's information, including
financial and personal information, from unwarranted disclosure.

## Reporting a Vulnerability

Services operated by the U.S. General Services Administration (GSA)
are covered by the **GSA Vulnerability Disclosure Program (VDP)**.

See the [GSA Vulnerability Disclosure Policy](https://gsa.gov/vulnerability-disclosure-policy)
at <https://www.gsa.gov/vulnerability-disclosure-policy> for details including:

* How to submit a report if you believe you have discovered a vulnerability.
* GSA's coordinated disclosure policy.
* Information on how you may conduct security research on GSA developed
software and systems.
* Important legal and policy guidance.

### [Bug Bounties](https://hackerone.com/gsa_bbp)

Certain GSA/TTS programs have bug bounties that are not discussed at the above link. If you find security issues for any of the following domains:

* 18f.gov
* cloud.gov
* fedramp.gov
* login.gov
* search.gov
* usa.gov
* vote.gov

you should also review the [GSA Bug Bounty program](https://hackerone.com/gsa_bbp) at <https://hackerone.com/gsa_bbp/> for a potential bounty.

## Supported Versions

Please note that only certain branches are supported with security updates.

| Version (Branch) | Supported |
| ---------------- | ------------------ |
| main | :white_check_mark: |
| other | :x: |

When using this code or reporting vulnerabilities please only use supported
versions.

0 comments on commit 7587337

Please sign in to comment.