Create SECURITY.md

scott-cotton · web-flow · commit 2f9d8892ef23 · 2021-08-01T03:48:30.000+02:00
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,23 @@
+# Security Policy
+
+We welcome security reports.
+
+## Supported Versions
+
+We currently support all releases of Reach.
+
+
+## Reporting a Vulnerability
+
+If you find a vulnerability, please use your discretion.  
+Reach is not a networked tool and is written in a (relatively) 
+safe language.  We would be surprised if their were vulnerabilities
+and use cases for production use warranting private disclosure,
+but it's up to you.  
+
+Private contact is the contact in the CODE_OF_CONDUCT.
+
+## Using Reach
+
+Reach can be used to find security vulnerabilities.  If you do so,
+a citation would be appreciated.
