From 4e504eaca13ec6b24de0e10068afc43f0bee39d5 Mon Sep 17 00:00:00 2001
From: "Yukihiro \"Matz\" Matsumoto" <matz@ruby.or.jp>
Date: Fri, 1 Oct 2021 19:13:07 +0900
Subject: SECURITY.md: add scope description.

---
 SECURITY.md | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/SECURITY.md b/SECURITY.md
index 03e436819..2f0ae5b28 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -3,3 +3,16 @@
 ## Reporting a Vulnerability
 
 If you have any security concern, contact <matz@ruby.or.jp>.
+
+## Scope
+
+We consider following issues as vulnerabilities:
+
+* Remote code execution
+* Crash caused by a valid Ruby script
+
+We *don't* consider following issues as vulnerabilities:
+
+* Runtime C undefined behavior (including integer overflow)
+* Crash caused by misused API
+* Crash caused by tweaked compiled binary
-- 
cgit v1.2.3