From eb23d99151d8ff09b2b51d38d7be8330610c516d Mon Sep 17 00:00:00 2001
From: Laura Hausmann <laura@hausmann.dev>
Date: Wed, 23 Oct 2024 04:49:19 +0200
Subject: [PATCH] [docs] Add SECURITY.md

---
 SECURITY.md | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..1f24813c
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,7 @@
+# Security vulnerability disclosure
+
+If you discover a security vulnerability, you can report it to us via any of the below channels:
+- Open an issue of type "Security" on the [issue tracker](https://issues.iceshrimp.dev/). Make sure to set "Confidential" to "Yes" if the vulnerability details are not already public.
+- Send your PGP key to security@iceshrimp.dev. After secure communication is established, send us the vulnerability details as an encrypted message.
+
+This will allow us to assess the risk & make a fix available before the vulnerability is disclosed publicly.