From 8058c06328e83d0eb3520935b25a4f43cd475d43 Mon Sep 17 00:00:00 2001
From: "Marc R. Schoolderman" <info@squell.net>
Date: Wed, 11 Dec 2024 11:16:02 +0100
Subject: [PATCH] Create SECURITY.md

If we're public we need to state a security policy. Don't forget to also actually enable the security center in the GitHub repository settings.
---
 SECURITY.md | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..bc51aca0c
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,31 @@
+Security policy
+===============
+
+**Do not report security vulnerabilities through public GitHub issues.**
+Instead, you can report security vulnerabilities using [our security page].
+
+Please include as much of the following information as possible:
+
+ * Type of issue (e.g. buffer overflow, privilege escalation, etc.)
+ * The location of the affected source code (tag/branch/commit or direct URL)
+ * Any special configuration required to reproduce the issue
+ * If applicable, which platforms are affected
+ * Step-by-step instructions to reproduce the issue
+ * Impact of the issue, including how an attacker might exploit the issue
+
+## Preferred Languages
+
+We prefer to receive reports in English. If necessary, we also understand Dutch and Frisian.
+
+## Disclosure Policy
+
+We adhere to the principle of [coordinated vulnerability disclosure].
+
+Security Advisories
+===================
+Security advisories will be published on our [github advisories page] and
+possibly through other channels.
+
+[our security page]: https://github.com/trifectatechfoundation/libbzip2-rs/security
+[coordinated vulnerability disclosure]: https://vuls.cert.org/confluence/display/CVD/Executive+Summary
+[github advisories page]: https://github.com/trifectatechfoundation/libbzip2-rs/security/advisories