From 3da63fd37f8dd63518dc3826129576a5f00ad1fb Mon Sep 17 00:00:00 2001
From: Ales Stimec <ales.stimec@canonical.com>
Date: Thu, 17 Oct 2024 10:18:51 +0200
Subject: [PATCH] Create SECURITY.md

---
 SECURITY.md | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..38fbc6683
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,20 @@
+# Security Policy
+
+## Reporting a vulnerability
+
+The easiest way to report a security issue is through
+[GitHub](https://github.com/canonical/jimm/security/advisories/new). See
+[Privately reporting a security
+vulnerability](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability)
+for instructions.
+
+The JIMM GitHub admins will be notified of the issue and will work with you
+to determine whether the issue qualifies as a security issue and, if so, in
+which component. We will then handle figuring out a fix, getting a CVE
+assigned and coordinating the release of the fix to the various Linux
+distributions.
+
+The [Ubuntu Security disclosure and embargo
+policy](https://ubuntu.com/security/disclosure-policy) contains more
+information about what you can expect when you contact us, and what we
+expect from you.