summaryrefslogtreecommitdiff
path: root/README.md
diff options
context:
space:
mode:
authorBarry Dorrans <Barry.Dorrans@microsoft.com>2016-08-23 15:58:44 -0700
committerImmo Landwerth <immol@microsoft.com>2016-08-23 15:58:44 -0700
commitd838802cb1c7c3591fcbd106dafdf8c09f1251c7 (patch)
treeb55ce7b4ba2054e35fa39278d41b51aa895cb9fe /README.md
parent9b46970f46ca055932d8a2815965fff702c37557 (diff)
downloadcoreclr-d838802cb1c7c3591fcbd106dafdf8c09f1251c7.tar.gz
coreclr-d838802cb1c7c3591fcbd106dafdf8c09f1251c7.tar.bz2
coreclr-d838802cb1c7c3591fcbd106dafdf8c09f1251c7.zip
Add section on how to file security bugs
Diffstat (limited to 'README.md')
-rw-r--r--README.md9
1 files changed, 9 insertions, 0 deletions
diff --git a/README.md b/README.md
index 8843d02fe4..5d2ff85c21 100644
--- a/README.md
+++ b/README.md
@@ -68,6 +68,15 @@ Please read the following documents to get started.
This project has adopted the code of conduct defined by the [Contributor Covenant](http://contributor-covenant.org/) to clarify expected behavior in our community. For more information, see the [.NET Foundation Code of Conduct](http://www.dotnetfoundation.org/code-of-conduct).
+### Reporting security issues and security bugs
+
+Security issues and bugs should be reported privately, via email, to the
+Microsoft Security Response Center (MSRC) <secure@microsoft.com>. You should
+receive a response within 24 hours. If for some reason you do not, please follow
+up via email to ensure we received your original message. Further information,
+including the MSRC PGP key, can be found in the
+[Security TechCenter](https://technet.microsoft.com/en-us/security/ff852094.aspx).
+
License
-------