Adding SECURITY.md for github.

closes DEMO-236 flag=none Test Plan: None Change-Id: Ifcccabeb9d1ba0ce197abc40d3e5fdaaec26eaef Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/315009 Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com> Reviewed-by: Alex Slaughter <aslaughter@instructure.com> QA-Review: Alex Slaughter <aslaughter@instructure.com> Product-Review: Alex Slaughter <aslaughter@instructure.com>
2023-04-03 16:05:41 -06:00 · 2023-04-03 16:05:41 -06:00 · 2a1e443c69
parent 1bdeaab88d
commit 2a1e443c69
1 changed files with 5 additions and 0 deletions
--- a/SECURITY.md
+++ b/SECURITY.md
@ -0,0 +1,5 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+`canvas-lms` has a private Bug Bounty program in Bugcrowd. If you would like to submit a vulnerability, please email security@instructure.com with the email address of your Bugcrowd researcher account and we will add you to the program. We will reward valid submissions according to our pay scale defined in Bugcrowd. For more information on our Vulnerability Disclosure program, please visit https://www.instructure.com/products/canvas/security