From 623767285575033df54673b2ff8be6bbef81f129 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?David=20N=C3=A9grier?= <d.negrier@thecodingmachine.com>
Date: Wed, 23 Jun 2021 15:26:17 +0200
Subject: [PATCH] Create SECURITY.md

---
 SECURITY.md | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..562da3e0
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,20 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+First things first: **Do NOT report security vulnerabilities in public issues!**
+
+Please disclose responsibly by sending
+a mail at security@workadventu.re (you can also ping us in the GitHub issues, but please, no details in the issues!)
+
+We will assess the issue as soon as possible on a best-effort basis and will give you an estimate for when we have a fix 
+and release available for an eventual public disclosure.
+
+We do not have a bug bounty program.
+
+## Supported Versions
+
+We only apply security patches on the latest tagged release and on the `master` and `develop` branches
+
+Unless specified otherwise, do not expect us to fix security issues on past releases. We are only maintaining one release:
+the latest one, which is online at https://play.workadventu.re.