From 9e68535846dc9be9e443614a2cbaa339541c7809 Mon Sep 17 00:00:00 2001
From: Jan De Dobbeleer <2492783+JanDeDobbeleer@users.noreply.github.com>
Date: Thu, 8 Sep 2022 08:47:19 +0200
Subject: [PATCH] chore: add security policy

---
 SECURITY.md | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..fb948207
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,16 @@
+# Security Policy
+
+## Supported Versions
+
+Only the latest [release][releases] is supported.
+
+## Reporting a Vulnerability
+
+Vulnerabilities can be send in via [email][email] to avoid publishing in the open.
+Oh My Posh does not have a bountry program, neither do we respond to beg bounties.
+
+For valid security concerns, you can expect a response within 48 hours,
+and credit is given once an acceptable fix is found and published.
+
+[releases]: https://github.com/JanDeDobbeleer/oh-my-posh/releases
+[email]: mailto:security@ohmyposh.dev