From c24d6e2242ae0e026684b8f95decf156aba6e75e Mon Sep 17 00:00:00 2001
From: Ivan Kohler <ivan@freeside.biz>
Date: Thu, 7 Jun 2012 16:55:45 -0700
Subject: rt 4.0.6

---
 rt/docs/security.pod | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'rt/docs/security.pod')

diff --git a/rt/docs/security.pod b/rt/docs/security.pod
index b8650e05d..620f8687c 100644
--- a/rt/docs/security.pod
+++ b/rt/docs/security.pod
@@ -9,6 +9,21 @@ key).
 
 More information is available at L<http://bestpractical.com/security/>.
 
+
+=head2 RT's security process
+
+After a security vulnerability is reported to Best Practical and
+verified, we attempt to resolve it in as timely a fashion as possible.
+Best Practical support customers will be notified before we disclose the
+information to the public.  All security announcements will be sent to
+C<rt-announce@bestpractical.com>, which includes
+C<rt-users@bestpractical.com> and C<rt-devel@bestpractical.com>.
+
+As the tests for security vulnerabilities are often nearly identical to
+working exploits, sensitive tests will be embargoed for a period of six
+months before being added to the public RT repository.
+
+
 =head2 Security tips for running RT
 
 =over
-- 
cgit v1.2.1