Merge pull request #916 from ericchiang/readme-security-diclosure

README: add section about reporting security vulnerabilities

Merge pull request #916 from ericchiang/readme-security-diclosure
README: add section about reporting security vulnerabilities
2edfec5d · Eric Chiang · GitHub · 521dbff7 · a12d2f85 · 2edfec5d
Commit 2edfec5d authored Apr 19, 2017 by Eric Chiang Committed by GitHub Apr 19, 2017
Show whitespace changes
Inline Side-by-side

Showing with 6 additions and 1 deletion

README.md README.md +6 -1

No files found.
--- a/README.md
+++ b/README.md
@@ -44,9 +44,13 @@ More docs for running dex as a Kubernetes authenticator can be found [here](Docu
 * Client libraries
  * [Go][go-oidc]

+## Reporting a security vulnerability
+
+Due to their public nature, GitHub and mailing lists are NOT appropriate places for reporting vulnerabilities. Please refer to CoreOS's [security disclosure][disclosure] process when reporting issues that may be security related.
+
 ## Getting help

-* For bugs and feature requests (including documentation!), file an [issue][issues].
+* For feature requests and bugs, file an [issue][issues].
 * For general discussion about both using and developing dex, join the [dex-dev][dex-dev] mailing list.
 * For more details on dex development plans, check out the GitHub [milestones][milestones].

@@ -59,3 +63,4 @@ More docs for running dex as a Kubernetes authenticator can be found [here](Docu
 [issues]: https://github.com/coreos/dex/issues
 [dex-dev]: https://groups.google.com/forum/#!forum/dex-dev
 [milestones]: https://github.com/coreos/dex/milestones
+[disclosure]: https://coreos.com/security/disclosure/