From 5415b46c4bb6258a957f101ffb10ac2f6c5bd831 Mon Sep 17 00:00:00 2001 From: Charles Korn Date: Mon, 13 Mar 2023 11:07:48 +1100 Subject: [PATCH] Add security policy. --- SECURITY.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..03abe310 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,16 @@ +# Security Policy + +## Supported Versions + +Only the most recent version of kaml is supported with security fixes. Older versions are not supported. + +Sample projects are provided as-is. While I will endeavour to fix any issues reported, they are intended as educational examples, not production-ready code. + +## Reporting a Vulnerability + +If you discover or suspect you have discovered a vulnerability, please report it through [GitHub's security vulnerability reporting tool](https://github.com/charleskorn/kaml/security/advisories). +Please include a short description of the issue and steps on how to reproduce it. + +The issue will be investigated and fixed privately, then disclosed publicly once a fix is available. + +Anyone who reports a vulnerability will be acknowledged in the release notes and security advisory.
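Review bot: Under "Reporting a Vulnerability" in the new SECURITY.md, the link target `https://github.com/charleskorn/kaml/security/advisories` is the advisories listing page, not the report form. Pointing it at `/security/advisories/new` would put a reporter directly on the private submission form. That form only accepts reports from outside contributors when private vulnerability reporting is enabled in the repository settings, so it is worth confirming that before merging. The section also asks only for a description and reproduction steps. Asking for the affected kaml version as well would fit the "Supported Versions" rule that only the most recent version receives fixes. The policy gives no expected time for a first response; a single sentence setting that expectation would tell reporters how long to wait before following up.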