From 31a627037dcd583e3e0ceebafbf5db5ee4409c7e Mon Sep 17 00:00:00 2001 From: "David A. Wheeler" Date: Wed, 23 Aug 2023 13:55:21 -0400 Subject: [PATCH] Add SECURITY.md file The README says to look at SECURITY.md, but there is no such file. Here's a proposed file with useful content. Signed-off-by: David A. Wheeler --- SECURITY.md | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..7792ddf --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,8 @@ +# Security + +If you find a significant vulnerability, or evidence of one, +please report it privately. + +We prefer that you use the [GitHub mechanism for privately reporting a vulnerability](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability). Under the +[main repository's security tab](https://github.com/coreinfrastructure/best-practices-badge/security), in the left sidebar, under "Reporting", click +Advisories, then click "Report a vulnerability" to open the advisory form.
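Review bot: In the last paragraph of the new SECURITY.md, "We prefer that you use the GitHub mechanism ..." implies that other private channels are accepted, but the file names none, so a reporter who has no GitHub account or cannot use the advisory form is left without a private route. Either name a fallback contact there, or drop "prefer" and state that the advisory form is the only channel. The opening sentence also limits private reporting to a "significant" vulnerability without saying what counts as significant or where lesser findings should go; a short clause covering that, plus what acknowledgement a reporter can expect, would make the policy actionable. Style: the line carrying the privately-reporting link is far longer than the wrapped lines around it, so wrapping it or switching to a reference-style link would keep the file consistent.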