From 8d5ef9c93e80b82bcd6655f92334902b4b655ddf Mon Sep 17 00:00:00 2001
From: Eric Liu <ericyl.us@gmail.com>
Date: Tue, 7 Nov 2023 18:42:46 -0800
Subject: [PATCH] chore: create SECURITY.md

#1837
---
 SECURITY.md | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000000..84d28e41fa
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,32 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 0.x     | :white_check_mark: |
+
+## Reporting a Vulnerability
+
+_Please do not report security vulnerabilities through public GitHub issues._
+
+Instead, report a vulnerability through GitHub's security advisory feature at
+https://github.com/carbon-design-system/carbon-components-svelte/security/advisories/new
+
+Please include a description of the issue, the steps you took to create the
+issue, affected versions, and, if known, mitigations for the issue. Our team
+aims to respond to all new vulnerability reports within 7 business days.
+
+Additional information on reporting vulnerabilities to IBM is available at
+https://www.ibm.com/trust/security-psirt
+
+## Preferred languages
+
+We prefer all communications to be in English.
+
+## Comments on this policy
+
+If you have suggestions on how this process could be improved please
+[submit a pull request](https://github.com/carbon-design-system/carbon-components-svelte/compare)
+or [file an issue](https://github.com/carbon-design-system/carbon-components-svelte/issues/new) to
+discuss.