docs: add SECURITY.md with disclosure policy

2026-05-24 14:15:25 -04:00
parent deb7d017af
commit 09e1bec9a3
1 changed files with 19 additions and 0 deletions
@@ -0,0 +1,19 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you find a security issue, please email security@lerkolabs.com rather than opening a public issue.
+
+Include:
+- Description of the vulnerability
+- Steps to reproduce
+- Potential impact
+
+We'll acknowledge within 48 hours and aim to patch within 7 days for critical issues.
+
+## Scope
+
+- SSH server authentication
+- Cluster API authentication
+- Stored credentials (alert provider tokens)
+- Status page information leakage