From 1a511970b6bfb2d48160d20fd9c47de955d42279 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gerardo=20V=C3=A1zquez?= <gerardov@empathy.co>
Date: Mon, 11 Sep 2023 10:49:47 +0200
Subject: [PATCH] docs: add security policy

---
 SECURITY.md | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..0bd026a7
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,28 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+Please **do NOT** raise a GitHub Issue to report a security vulnerability. This kind of issues must
+be communicated in a private manner. If you believe you have found a security vulnerability, report
+it to our dedicated email address
+[security_champions@empathy.co](mailto:security_champions@empathy.co). We ask that you do not use
+other channels or contact project contributors directly. Non-vulnerability related security issues
+such as new great new ideas for security features are welcome on GitHub Issues.
+
+On top of that, if you would like to provide a patch, please **do not open a pull request** as it is
+another public way to discover the vulnerability. Instead, create a commit on your fork of
+**empathyco/x** and run this command:
+
+```bash
+git format-patch -1 HEAD --stdout > x_security_patch.txt
+```
+
+This command will create a file called `x_security_patch` with the content of your last commit.
+
+As a summary, send an email with:
+
+- Subject: Interface X Security Alert
+- Content: Description of the vulnerability
+- Attach the `x_security_patch` file if you have created one.
+
+Thanks for your contribution.