From 50fc4dbcf4ff2111ade708c9f73d05e1c86aceb9 Mon Sep 17 00:00:00 2001
From: Jesse Wierzbinski <contact@cpluspatch.com>
Date: Sun, 19 Nov 2023 16:34:59 -1000
Subject: [PATCH] Add security policy

---
 SECURITY.md | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..852741a7
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,22 @@
+# Security Policy
+
+## Supported Versions
+
+For now, only the released latest version of Lysand is supported for security updates. This will change as Lysand exits alpha status.
+
+## Reporting a Vulnerability
+
+If you find a vulnerability, please report it to [@CPlusPatch](https://github.com/CPlusPatch) at the following contact endpoints:
+
+- [Matrix](https://matrix.to/#/@jesse:cpluspatch.dev)
+- [E-mail](mailto:contact@cpluspatch.com)
+
+Please do not report vulnerabilities publicly until they have been patched. If you would like to be credited for your discovery, please include your name and/or GitHub username in your report.
+
+## Vulnerability Disclosure Policy
+
+Lysand is an open-source project, and as such, we welcome security researchers to audit our code and report vulnerabilities. We will do our best to patch vulnerabilities as quickly as possible, and will credit researchers for their discoveries if they wish to be credited.
+
+For security reasons, we ask that you do not publicly disclose vulnerabilities until they have been patched. We will do our best to patch vulnerabilities as quickly as possible, and will credit researchers for their discoveries if they wish to be credited.
+
+Thank you for helping to keep Lysand secure! :3
\ No newline at end of file