From ab918c139b054dbfe3b9202a86ae6301fa1eb416 Mon Sep 17 00:00:00 2001
From: Tim Abbott <tabbott@zulipchat.com>
Date: Thu, 25 Jun 2020 15:22:36 -0700
Subject: [PATCH] docs: Create GitHub SECURITY.md file.

It seems worth participating in this GitHub standard.
---
 SECURITY.md | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000000..cc83b959ac
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,28 @@
+# Security Policy
+
+Security announcements are sent to zulip-announce@googlegroups.com,
+so you should subscribe if you are running Zulip in production.
+
+## Reporting a Vulnerability
+
+We love responsible reports of (potential) security issues in Zulip,
+whether in the latest release or our development branch.
+
+Our security contact is security@zulip.com.  Reporters should expect a
+response within 24 hours.
+
+Please include details on the issue and how you'd like to be credited
+in our release notes when we publish the fix.
+
+Our [security
+model](https://zulip.readthedocs.io/en/latest/production/security-model.html)
+document may be a helpful resource.
+
+## Supported Versions
+
+Zulip provides security support for the latest major release, in the
+form of minor security/maintenance releases.
+
+We work hard to make
+[upgrades](https://zulip.readthedocs.io/en/latest/production/upgrade-or-modify.html#upgrading-to-a-release)
+reliable, so that there's no reason to run older major releases.