|
|
@@ -0,0 +1,42 @@
|
|
|
+# Security Policies and Procedures
|
|
|
+
|
|
|
+This document outlines security procedures and general policies for the _mailcow: dockerized_ project as found on [mailcow-dockerized](https://github.com/mailcow/mailcow-dockerized).
|
|
|
+
|
|
|
+ * [Reporting a Vulnerability](#reporting-a-vulnerability)
|
|
|
+ * [Disclosure Policy](#disclosure-policy)
|
|
|
+ * [Comments on this Policy](#comments-on-this-policy)
|
|
|
+
|
|
|
+## Reporting a Vulnerability
|
|
|
+
|
|
|
+The mailcow team and community take all security vulnerabilities
|
|
|
+seriously. Thank you for improving the security of our open source
|
|
|
+software. We appreciate your efforts and responsible disclosure and will
|
|
|
+make every effort to acknowledge your contributions.
|
|
|
+
|
|
|
+Report security vulnerabilities by emailing the mailcow team at:
|
|
|
+
|
|
|
+ info at servercow.de
|
|
|
+
|
|
|
+mailcow team will acknowledge your email as soon as possible, and will
|
|
|
+send a more detailed response afterwards indicating the next steps in
|
|
|
+handling your report. After the initial reply to your report, the mailcow
|
|
|
+team will endeavor to keep you informed of the progress towards a fix and
|
|
|
+full announcement, and may ask for additional information or guidance.
|
|
|
+
|
|
|
+Report security vulnerabilities in third-party modules to the person or
|
|
|
+team maintaining the module.
|
|
|
+
|
|
|
+## Disclosure Policy
|
|
|
+
|
|
|
+When the mailcow team receives a security bug report, they will assign it
|
|
|
+to a primary handler. This person will coordinate the fix and release
|
|
|
+process, involving the following steps:
|
|
|
+
|
|
|
+ * Confirm the problem and determine the affected versions.
|
|
|
+ * Audit code to find any potential similar problems.
|
|
|
+ * Prepare fixes for all releases still under maintenance.
|
|
|
+
|
|
|
+## Comments on this Policy
|
|
|
+
|
|
|
+If you have suggestions on how this process could be improved please submit a
|
|
|
+pull request.
|
Peter