Add security policy #2133

Open
massy-o wants to merge 1 commit into pymc-devs:main from massy-o:codex/add-security-policy

massy-o commented May 14, 2026

Summary

  • add a SECURITY.md with guidance for reporting vulnerabilities privately

Why

The repository is in scope for security research on huntr, but it did not have an obvious repository-level security policy file. This gives reporters a default private-reporting path and discourages disclosure through public issues.

Testing

  • git diff --check

Comment thread SECURITY.md

Please do not report security vulnerabilities through public GitHub issues.

If GitHub private vulnerability reporting is available, use the **Report a vulnerability** button on the repository's Security tab. Otherwise, contact the maintainers through the project's documented support channels before sharing details publicly.
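
Review bot: The fallback sentence ("Otherwise, contact the maintainers through the project's documented support channels ...") names no channel and does not say that the channel must be private, so a reporter who cannot find the Security tab button has no concrete private route and may end up describing the issue in a public forum. Suggest having a maintainer confirm whether private vulnerability reporting is enabled for this repository so the first sentence can drop the "If ... is available" condition, and replacing the fallback with a specific private contact supplied by the maintainers. It would also help to state what a report should contain and when the reporter can expect a reply.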
Author

Self-review: This keeps the policy contact-neutral because I did not find a repository-specific security email; it still gives reporters a private-first path and avoids inventing maintainer contact details.
