From e64b4a0f2b7e377f2a6ff3da05df81ac16bec812 Mon Sep 17 00:00:00 2001
From: Santiago Carmuega <santiago@carmuega.me>
Date: Wed, 22 May 2024 10:53:39 -0300
Subject: [PATCH] docs: define security policy (#464)

Signed-off-by: Santiago Carmuega <santiago@carmuega.me>
---
 SECURITY.md | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..fa81f19
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,22 @@
+# Security Policy
+
+## Supported Versions
+
+| Version  | Supported          |
+| -------- | ------------------ |
+| 0.x.x    | :white_check_mark: |
+| < 0.15   | :x:                |
+
+## Reporting a Vulnerability
+
+We take the security of our project seriously. If you find any security vulnerabilities in the Pallas codebase, please follow these steps:
+
+- DO NOT open an issue on GitHub.
+- Email us directly at [security@txpipe.io](security@txpipe.io).
+- Provide as many details as possible about the vulnerability. If you know how to reproduce the vulnerability, please include that information too.
+- We will respond to your report within 48 hours and will keep you updated on the status of the issue.
+- Once we have fixed the issue, we will credit you for your discovery in the public announcement (unless you prefer to remain anonymous).
+
+Please act in good faith towards our users' privacy and data during your disclosure. We care deeply about maintaining the trust of our users and community and expect you to follow the same principles.
+
+Thank you for helping keep Pallas and our users safe!