Add SECURITY.md policy file
CodeQL / Analyze (cpp) (push) Has been cancelled
unit-tests / unit-tests (push) Has been cancelled
checkstyle / checkstyle (push) Has been cancelled
CodeQL / Analyze (python) (push) Has been cancelled
smatch / smatch (push) Has been cancelled
zfs-arm / ZFS ARM build (push) Has been cancelled
zfs-qemu / Setup (push) Has been cancelled
zloop / zloop (push) Has been cancelled
zfs-qemu / qemu-x86 (push) Has been cancelled
zfs-qemu / Cleanup (push) Has been cancelled

Add a basic SECURITY.md file to establish the repository's security
reporting policy.  Includes guidance for reporting security issues
and what to expect.

Reviewed-by: Allan Jude <allan@klarasystems.com>
Reviewed-by: George Melikov <mail@gmelikov.ru>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #18766
This commit is contained in:
Brian Behlendorf
2026-07-08 14:35:46 -07:00
committed by GitHub
parent 6acb99cb1b
commit 0467ba01ce
2 changed files with 30 additions and 0 deletions
+1
View File
@@ -59,6 +59,7 @@
!NOTICE
!README.md
!RELEASES.md
!SECURITY.md
!TEST
!zfs.release.in
+29
View File
@@ -0,0 +1,29 @@
# Security Policy
## Reporting a Vulnerability
We encourage responsible disclosure of security vulnerabilities. If you
find something suspicious, we encourage and appreciate your report.
The preferred way to report a vulnerability is to use the
**"Report a vulnerability"** button under the **Security** tab of the
OpenZFS GitHub repository. This creates a private communication channel
between you and the maintainers, allowing us to review the report
confidentially and respond as quickly as possible.
Please include, if possible:
- A clear description of the issue
- Steps to reproduce the problem
- Affected versions or branches
- Any proof of concept, logs, or screenshots
- Your assessment of the potential impact
## What to Expect
- We will review security reports as soon as practical.
- We may ask follow-up questions to better understand the issue.
- Please allow time for investigation and coordination before public
disclosure.
- If the issue is confirmed, we will work on a fix and release a security
update as needed for supported OpenZFS versions.