From 4287cd429d2aa54227d989cf4071b9d8d6196bf3 Mon Sep 17 00:00:00 2001
From: cupcakearmy <hi@nicco.io>
Date: Sat, 10 Sep 2022 13:13:09 +0200
Subject: [PATCH] security reporting

---
 README.md   |  4 ++++
 SECURITY.md | 18 ++++++++++++++++++
 2 files changed, 22 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/README.md b/README.md
index ea8ccaf..b390078 100644
--- a/README.md
+++ b/README.md
@@ -155,6 +155,10 @@ pnpm run ci:server
 pnpm run test:local
 ```
 
+## Security
+
+Please refer to the security section [here](./SECURITY.md).
+
 ###### Attributions
 
 - Test data:
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..703f870
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,18 @@
+# Security Policy
+
+## Supported Versions
+
+Please ensure that you are using the latest major version available.
+
+| Version | Supported |
+| ------- | --------- |
+| 2.x     | ✅        |
+| < 1.x   | ❌        |
+
+## Reporting a vulnerability
+
+_cryptgeon_ has a full disclosure vulnerability policy.
+Report any bug / vulnerability directly to the [issue tracker](https://github.com/cupcakearmy/cryptgeon/issues).
+Please do NOT attempt to report any security vulnerability in this code privately to anybody.
+
+> Shamefully copied of the [ring security section](https://github.com/briansmith/ring#bug-reporting).