Add a security policy that uses g.co/vulnz for intake. (#2044)

googleforgames · Apr 2, 2021 · f2ae22f · f2ae22f
1 parent c6d1c0a
commit f2ae22f
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 0 deletions.
diff --git a/.github/SECURITY.md b/.github/SECURITY.md
@@ -0,0 +1,4 @@
+To report a security issue, please use http://g.co/vulnz. We use
+http://g.co/vulnz for our intake, and do coordination and disclosure here on
+GitHub (including using GitHub Security Advisory). The Google Security Team will
+respond within 5 working days of your report on g.co/vulnz.
diff --git a/README.md b/README.md
@@ -42,6 +42,11 @@ Documentation can be found on the [Agones website](https://agones.dev/site/docs/
 
 Participation in this project comes under the [Contributor Covenant Code of Conduct](code-of-conduct.md)
 
+## Reporting Security Issues
+
+To report a security issue for this project, please follow the instructions in
+the [Project Security Policy](.github/SECURITY.md)
+
 ## Development and Contribution
 
 Please read the [contributing](CONTRIBUTING.md) guide for directions on submitting Pull Requests to Agones, and community membership governance.