From f1fdec5afeec887087182af54ca8a954dc2d7577 Mon Sep 17 00:00:00 2001
From: Hayden <64056131+hay-kot@users.noreply.github.com>
Date: Tue, 31 May 2022 08:29:45 -0800
Subject: [PATCH] add security.md

---
 .vscode/settings.json | 3 ++-
 SECURITY.md           | 9 +++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)
 create mode 100644 SECURITY.md

diff --git a/.vscode/settings.json b/.vscode/settings.json
index fd7656f7..99d1dcc4 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -52,6 +52,7 @@
     "package.json": "package-lock.json, yarn.lock, .eslintrc.js, tsconfig.json, .prettierrc, .editorconfig",
     "pyproject.toml": "poetry.lock, alembic.ini, .pylintrc, .flake8",
     "netlify.toml": "runtime.txt",
-    "docker-compose.yml": "Dockerfile, .dockerignore, docker-compose.dev.yml, docker-compose.yml"
+    "docker-compose.yml": "Dockerfile, .dockerignore, docker-compose.dev.yml, docker-compose.yml",
+    "README.md": "LICENSE, SECURITY.md"
   }
 }
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..6b913632
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,9 @@
+# Security Policy
+
+## Supported Versions
+
+Since this software is still considered beta/WIP support is always only given for the latest version. Security patches are only available for the latest version and not back-ported to older versions.
+
+## Reporting a Vulnerability
+
+For general security vulnerabilities you're welcome to open a GitHub issues or contribute a fix. If you feel the vulnerability should not be disclosed you can open a generic issue on GitHub and email to the details to [ob92oy0sl@mozmail.com](mailto:ob92oy0sl@mozmail.com) which is monitored by the maintainer.