X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=blobdiff_plain;f=rt%2Fdocs%2Fsecurity.pod;fp=rt%2Fdocs%2Fsecurity.pod;h=620f8687c61f416ab8c1dc5c4c9abd000abbdebd;hp=b8650e05d49d650515ac5161dbc7f868aeb797fb;hb=c24d6e2242ae0e026684b8f95decf156aba6e75e;hpb=6686c29104e555ea23446fe1db330664fa110bc0
diff --git a/rt/docs/security.pod b/rt/docs/security.pod
index b8650e05d..620f8687c 100644
--- a/rt/docs/security.pod
+++ b/rt/docs/security.pod
@@ -9,6 +9,21 @@ key).
More information is available at L.
+
+=head2 RT's security process
+
+After a security vulnerability is reported to Best Practical and
+verified, we attempt to resolve it in as timely a fashion as possible.
+Best Practical support customers will be notified before we disclose the
+information to the public. All security announcements will be sent to
+C, which includes
+C and C.
+
+As the tests for security vulnerabilities are often nearly identical to
+working exploits, sensitive tests will be embargoed for a period of six
+months before being added to the public RT repository.
+
+
=head2 Security tips for running RT
=over