Security policy

To be done, something likes outlined in https://www.hackerone.com/blog/Vulnerability-Disclosure-Policy-Basics-5-Critical-Components

Promise

Promise: Demonstrate a clear, good faith commitment to customers and other stakeholders potentially impacted by security vulnerabilities.

Scope

Scope: Indicate what properties, products, and vulnerability types are covered.

“Safe Harbor”

“Safe Harbor”: Assures that reporters of good faith will not be unduly penalized.

Process

Process: The process finders use to report vulnerabilities.

Preferences

Preferences: A living document that sets expectations for preferences and priorities regarding how reports will be evaluated.