From cbe1453df714afb6c02b578d9c6e9c9c0a18de90 Mon Sep 17 00:00:00 2001 From: Tarak Ben Youssef Date: Thu, 26 Feb 2026 14:57:55 +0800 Subject: [PATCH] add more explicit security guidelines --- .github/ISSUE_TEMPLATE/bug-report.yaml | 4 ++-- .github/ISSUE_TEMPLATE/config.yml | 5 +++++ SECURITY.md | 10 ++++++++++ 3 files changed, 17 insertions(+), 2 deletions(-) create mode 100644 .github/ISSUE_TEMPLATE/config.yml create mode 100644 SECURITY.md diff --git a/.github/ISSUE_TEMPLATE/bug-report.yaml b/.github/ISSUE_TEMPLATE/bug-report.yaml index 259eade1..5a2be144 100644 --- a/.github/ISSUE_TEMPLATE/bug-report.yaml +++ b/.github/ISSUE_TEMPLATE/bug-report.yaml @@ -8,10 +8,10 @@ body: value: | > **Warning** > Do you experience an unexpected result or a crash? - > Please do **NOT** report it as a bug! + > Please do **NOT** report it as a bug. > > Instead, report it as a security issue: - > https://flow.com/flow-responsible-disclosure + > following the instructions in our [guidelines](../../SECURITY.md) to report it responsibly. - type: textarea attributes: label: Current Behavior diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 00000000..ff8ff511 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1,5 @@ +blank_issues_enabled: true +contact_links: + - name: Report a security vulnerability + url: ../../SECURITY.md + about: Please review our security policy on how to report security vulnerabilities responsibly. diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..4599ce7e --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,10 @@ + +# Responsible Disclosure Policy + +Responsible disclosure of vulnerabilities helps to maintain the security and privacy of everyone. + +If you care about making a difference, please follow the guidelines below. + +# **Guidelines For Responsible Disclosure** + +We ask that all researchers adhere to these guidelines [here](https://flow.com/flow-responsible-disclosure). \ No newline at end of file
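Review bot: In `.github/ISSUE_TEMPLATE/bug-report.yaml`, the new link `[guidelines](../../SECURITY.md)` is written relative to the template file's location in the repository, but this text is rendered inside the issue form, not at that path. Please confirm the link still resolves there, or use an absolute URL to the security policy. The wording also no longer reads cleanly: "Instead, report it as a security issue:" is now followed by "following the instructions in our ...", so the colon should be dropped or the sentence reworded. The warning still tells reporters that any unexpected result or crash is a security issue, which makes a reachable link to the reporting instructions the important part of this block.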
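Review bot: In the new `.github/ISSUE_TEMPLATE/config.yml`, `url: ../../SECURITY.md` under `contact_links` is a relative path, while this field is meant to hold the address the issue chooser sends the reporter to. An absolute URL (the repository's security policy page, or the disclosure page that was previously linked from the bug template) would be safer here. Also worth a second look: `blank_issues_enabled: true` lets a reporter open a free-form issue without ever seeing the warning in the bug template, so a vulnerability could still be filed publicly. If that is intended, a short comment in the file would help.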
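Review bot: The new `SECURITY.md` does not say how to report anything itself. Its only actionable content is the last line, "We ask that all researchers adhere to these guidelines [here](https://flow.com/flow-responsible-disclosure).", so the policy depends entirely on an external page staying available. Consider stating the reporting channel and the expected handling directly in the file and keeping the link as a reference. Smaller points: the file has two top-level `#` headings, the second one wraps its text in `**` inside the heading, "these guidelines [here]" could be a single descriptive link, and the file ends without a trailing newline.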