From d84ebc157196e80c9ddb116f351bf633fd1340e7 Mon Sep 17 00:00:00 2001 From: Steve Lee Date: Tue, 6 Aug 2019 16:32:58 -0700 Subject: [PATCH] Update our language on our policy applying to security issues (#10304) --- .github/SECURITY.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/SECURITY.md b/.github/SECURITY.md index 3277852a85..10633f0d6d 100644 --- a/.github/SECURITY.md +++ b/.github/SECURITY.md @@ -1,5 +1,12 @@ # Security Vulnerabilities +Security issues are treated very seriously and will, by default, +takes precedence over other considerations including usability, performance, +etc... Best effort will be used to mitigate side effects of a security +change, but PowerShell must be secure by default. + +## Reporting a security vulnerability + If you believe that there is a security vulnerability in PowerShell, it **must** be reported to [secure@microsoft.com](https://technet.microsoft.com/security/ff852094.aspx) to allow for [Coordinated Vulnerability Disclosure](https://technet.microsoft.com/security/dn467923). **Only** file an issue, if [secure@microsoft.com](https://www.microsoft.com/en-us/msrc/faqs-report-an-issue?rtc=1) has confirmed filing an issue is appropriate.