smlx · smlx · Dec 12, 2023 · Dec 12, 2023
diff --git a/README.md b/README.md
@@ -71,6 +71,7 @@ Configure the repository:
     * Dependabot security updates
         * Secret scanning
             * Push protection
+    * Private vulnerability reporting
 
 1. Go to repository Settings > Actions > General:
 

diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,15 @@
+# Security Policy
+
+## Supported Versions
+
+Please do not use older minor versions, as these are not supported.
+Only the latest minor version will receive patch releases.
+
+## Reporting a Vulnerability
+
+To report a security issue, please [privately report a security vulnerability](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability) through GitHub.
+If you do not have a GitHub account, please email [email protected] with a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue.
+We will endeavour to respond within 3 working days of your email.
+
+If an issue is confirmed as a vulnerability, we will open a Security Advisory.
+This project follows a 30 day disclosure timeline.