Add security policy by pnacht · Pull Request #1484 · open-source-parsers/jsoncpp

Fixes #1483.

This PR adds a security policy for JsonCpp.

After reading the conversation in #838, I wrote the policy to suggest the use of GitHub's private reporting feature (must be enabled in the project settings). Let me know if you'd rather use an email or external website (or both!).

The policy also suggests a 90-day remediation schedule, simply because it's pretty standard practice. If you'd rather change that (or anything else!), let me know.