From ea305f2cf38a4b703ec5acd1cf2d9d02be224e77 Mon Sep 17 00:00:00 2001
From: Bart van der Braak <bartvdbraak@gmail.com>
Date: Wed, 10 Jan 2024 15:41:58 +0100
Subject: [PATCH] feat: add security document

---
 SECURITY.md | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..3d04623
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,31 @@
+# Security Policy
+
+## Supported Versions
+
+Use the latest version of Keyweave for the latest security updates.
+
+## Reporting Vulnerabilities
+
+To report a security issue, please email [bart@vanderbraak.nl](mailto:bart@vanderbraak.nl) with a detailed description and steps to reproduce. Do not file a public issue for security vulnerabilities.
+
+### Response Timeline
+
+We aim to respond to security reports within 48 hours, and to patch the issue within a reasonable timeframe depending on the severity.
+
+### Responsible Disclosure
+
+Please allow us a reasonable timeframe to address the issue before publicly disclosing it.
+
+### Acknowledgements
+
+We appreciate the responsible disclosure of issues by our users and will acknowledge contributors in our release notes.
+
+## Security Best Practices
+
+- Ensure you are running the latest version of Keyweave.
+- Follow secure password and authentication practices.
+
+## Contact Alternatives
+
+If you are unable to send an email, please open an issue on GitHub without disclosing details such that we can establish a alternative form of communication.
+