From 768671ad57911260c334705c85341dae7e1dc0c2 Mon Sep 17 00:00:00 2001
From: Conor Schaefer <conor@penumbralabs.xyz>
Date: Wed, 1 May 2024 10:33:28 -0700
Subject: [PATCH] docs: add security email info to readme

We have an email alias set up for team leads, so that external parties
have a single entrypoint to disclose security-related issues.
Once we settle on language here, we can duplicate this notice in other
Penumbra-related repositories.
---
 README.md | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 366559e603..38bd5a7e0f 100644
--- a/README.md
+++ b/README.md
@@ -41,7 +41,13 @@ For a high-level view of current work-in-progress and future items, check out ou
 [protobuf]: https://buf.build/penumbra-zone/penumbra
 [tm-install]: https://github.com/tendermint/tendermint/blob/master/docs/introduction/install.md#from-source
 
-# License
+
+## Security
+If you believe you've found a security-related issue with Penumbra,
+please disclose responsibly by contacting the Penumbra Labs team at
+security@penumbralabs.xyz.
+
+## License
 
 By contributing to penumbra you agree that your contributions will be licensed
 under the terms of both the [LICENSE-Apache-2.0](LICENSE-Apache-2.0) and the
@@ -50,4 +56,3 @@ under the terms of both the [LICENSE-Apache-2.0](LICENSE-Apache-2.0) and the
 If you're using penumbra you are free to choose one of the provided licenses:
 
 `SPDX-License-Identifier: MIT OR Apache-2.0`
-