Add Security Policy

GitHub recently added support for special handling of security policy files. To date, we've not received any security vulnerability reports, but it still seemed like a good idea to have this in place. I am not an expert, but I think I captured what we'd actually want to do here.
drnic · May 7, 2020 · 159477e · 159477e
1 parent b677b93
commit 159477e
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,14 @@
+# Security Policy
+
+## Supported Versions
+
+Scenic maintainenance is a volunteer effort. We will do our best to fix
+forward but do not offer backported fixes. As such, the only "supported" version of Scenic is whichever was most recently released.
+
+## Reporting a Vulnerability
+
+Please report any discovered security vulnerabilities to Scenic's primary
+volunteer maintainers, [email protected] and [email protected].
+
+We will respond as soon as possible with any follow-up questions or details
+on how we plan to handle the issue.