GOV: add security reporting policy

tacaswell · tacaswell · commit ea73f0038b05 · 2022-10-31T18:21:43.000-04:00
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,14 @@
+# Security Policy
+
+
+## Reporting a Vulnerability
+
+
+To report a security vulnerability, please use the [Tidelift security
+contact](https://tidelift.com/security).  Tidelift will coordinate the fix and
+disclosure.
+
+If you have found a security vulnerability, in order to keep it confidential,
+please do not report an issue on GitHub.
+
+We do not award bounties for security vulnerabilities.
