Include a security policy for PDF.js

This makes sure that security researchers can find the required information for reporting security vulnerabilities in a standardized manner across GitHub repositories. Please refer to https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository for more information.
mozilla · Jun 23, 2024 · 2beae7a · 2beae7a
1 parent 6784124
commit 2beae7a
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 0 deletions.
diff --git a/.github/SECURITY.md b/.github/SECURITY.md
@@ -0,0 +1,13 @@
+# Security policy
+
+Mozilla takes the security of our software seriously. If you believe you have found a security vulnerability in PDF.js, please report it to us as described below.
+
+## Reporting security vulnerabilities
+
+**Please don't report security vulnerabilities through public GitHub issues.**
+
+Instead, please report security vulnerabilities in [Bugzilla](https://bugzilla.mozilla.org/enter_bug.cgi?product=Firefox&component=PDF%20Viewer&groups=firefox-core-security) and make sure that the checkbox in the "Security" section is checked so the required access controls are automatically configured:
+
+![Security checkbox](security.png)
+
+The Mozilla security team will process the bug as described in [Mozilla's security bugs policy](https://www.mozilla.org/en-US/about/governance/policies/security-group/bugs).
diff --git a/.github/security.png b/.github/security.png