Update our language on our policy applying to security issues (#10304)

2019-08-06 16:32:58 -07:00 · 2019-08-06 16:32:58 -07:00 · d84ebc1571
parent 9eb5587d07
commit d84ebc1571
1 changed files with 7 additions and 0 deletions
--- a/.github/SECURITY.md
+++ b/.github/SECURITY.md
@ -1,5 +1,12 @@
 # Security Vulnerabilities

+Security issues are treated very seriously and will, by default,
+takes precedence over other considerations including usability, performance,
+etc...  Best effort will be used to mitigate side effects of a security
+change, but PowerShell must be secure by default.
+
+## Reporting a security vulnerability
+
 If you believe that there is a security vulnerability in PowerShell,
 it **must** be reported to [secure@microsoft.com](https://technet.microsoft.com/security/ff852094.aspx) to allow for [Coordinated Vulnerability Disclosure](https://technet.microsoft.com/security/dn467923).
 **Only** file an issue, if [secure@microsoft.com](https://www.microsoft.com/en-us/msrc/faqs-report-an-issue?rtc=1) has confirmed filing an issue is appropriate.