Merge branch 'develop' into openssl-fixes

1 files changed, 34 insertions, 0 deletions

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..68d96ac
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,34 @@
+
+# Security Policy
+
+Please follow the [official issues page](https://www.vaughnnugent.com/resources/software/modules/noscrypt-issues) 
+for progress on all security related issues.
+
+## Supported Versions
+
+Noscrypt is in pre-release and is not yet considered completely stable,
+security fixes will be issued as soon as possible and rolled into the next release.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| > 0.1.1 | :white_check_mark: |
+
+## Reporting a Vulnerability
+
+Vulnerabilities should be reported by email to vnpublic[at]proton.me or by submitting a 
+private vulnerability report on [GitHub](https://github.com/VnUgE/noscrypt/security). 
+Email is preferred for the fastest response.
+
+Security reports are greatly appreciated and will be handled with the highest priority,
+as noscrypt is cryptography infrastructure software. You should hear back within 48 hours
+but this can vary because I'm just a single person who also has responsibilities.
+
+Please contact me as soon as possible if you believe you have found a security vulnerability 
+in noscrypt, preferably before disclosing the issue publicly. I will keep you informed about
+the progress of the fix and disclosure.
+ 
+
+## Notices
+I will attempt to update the [changelog](CHANGELOG.md) with security fixes as they are completed
+and close issues as they are resolved. If you have any questions or concerns about the security
+of noscrypt, please contact me at the email address above.