Yes, we already have the `SECURITY.md` file. - https://github.com/apache/incubator-teaclave/blob/master/SECURITY.md - https://github.com/apache/incubator-teaclave/security/policy
I also add this to the `COMMUNITY.md` file to make sure people from the homepage can see it. Now, it's online: https://teaclave.apache.org/community/#reporting-a-vulnerability. I'll also add a `SECURITY.md` file to the incubator-teaclave-sgx-sdk repo. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/apache/incubator-teaclave/pull/441#issuecomment-743461264
