diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..3624efd3e --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,19 @@ +# Security Policy + +## Disclaimer of Warranty + +From the [license](LICENSE): + +> Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. + +## Supported Versions + +This security policy applies to all software belonging to the Numbas organisation, including the compiler (this repository), the web-based editor, and the LTI provider. + +The latest tagged version and the `master` or `main` branch from each repository are supported. + +If you find a vulnerability in an older version, please check with the latest version in case it's already been fixed. + +## Reporting a Vulnerability + +If you think you have identified a security vulnerability, please email us at numbas@ncl.ac.uk. A member of the team will review your analysis and provide feedback. Please make sure to include enough information so that we can reproduce the issue.
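Review bot: In "Reporting a Vulnerability", the only channel given is a plain email to numbas@ncl.ac.uk, and nothing asks reporters to keep the details out of public issues or pull requests until a fix is available. Consider adding a sentence such as "Please do not open a public issue for security problems", and, if the team has one, a PGP key or a private reporting form for reports that include exploit details. The section also says a team member "will review your analysis and provide feedback" but gives no expected acknowledgement time and does not say how or when fixes are disclosed; a short statement of both would tell reporters what to expect. In "Supported Versions", "please check with the latest version" would read more clearly as "please check against the latest version", and since the policy covers the compiler, the editor and the LTI provider, it would help to ask reporters to name the affected component and the version or commit they tested.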