From 19cce7c6c8e9cb0232a8996446115c63ca39a9f8 Mon Sep 17 00:00:00 2001 From: David Dight Date: Sun, 31 Mar 2024 17:46:53 +1100 Subject: [PATCH] Create SECURITY.md --- SECURITY.md | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..93d83fda --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,24 @@ +# Security Policy +Security Policy +This document outlines the security policy for the conjure_enum project. Here, we detail how to report vulnerabilities and how we handle them. + +## Reporting a Vulnerability + +If you discover a potential security vulnerability in conjure_enum, we encourage you to report it responsibly. Here's how: + +- **Privately Contact Us:** Please file a [detailed report](https://github.com/fix8mt/conjure_enum/security/advisories/new). +- **Include Details:** In your email, please provide the following information (if applicable): + - A clear description of the vulnerability. + - Steps to reproduce the vulnerability (if possible). + - The potential impact of the vulnerability. +We appreciate your cooperation in keeping conjure_enum secure. We will work with you confidentially to address the vulnerability as quickly as possible. + +## Disclosure Process + +Once a vulnerability is confirmed, we will follow these steps: + +- **Acknowledge Receipt:** We will acknowledge receipt of your report within 48 hours. +- **Work on a Fix:** We will prioritize fixing the vulnerability and aim to release a patch within a reasonable timeframe. +- **Notify Users (if necessary):** For critical vulnerabilities, we may publish a security advisory on the GitHub repository detailing the issue and mitigation steps. + +Thank You
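Review bot: The "Include Details" bullet says "In your email", but the only reporting channel this file gives is the GitHub private advisory form linked in the bullet above it, and no email address appears anywhere in the added text. Reword it to "In your report", or add the address if email is meant to be a second channel. Three smaller points in the same hunk: the bare "+Security Policy" line directly under the "# Security Policy" heading repeats the title and can be dropped; "We appreciate your cooperation..." follows the nested list without a blank "+" line, so Markdown will render it as a continuation of the last list item rather than as its own paragraph; and the Disclosure Process section opens with "Once a vulnerability is confirmed" while its first step is acknowledging receipt within 48 hours, which happens before confirmation, so an intro such as "Once a report is received" would match the steps.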