From c458d817234a4799e2ae3dfd567ce32d32922f0d Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Thu, 11 Jun 2020 14:58:13 +0200 Subject: [PATCH] SECURITY.md: Introduce security reporting process --- SECURITY.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..926a6d54 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,23 @@ +# Security Policy + +## Supported Versions + +OpenSC releases are made roughly once a year, unless important security is discovered. + +OpenSC does not release micro updates for previously released versions and does not +backport security fixes into them. + +| Version | Supported | +| -------- | ------------------ | +| 0.20.0 | :white_check_mark: | +| < 0.20.0 | :x: | + +## Reporting a Vulnerability + +If you discovered security vulnerability in supported version of OpenSC, +you can either fill an issue in [github](https://github.com/OpenSC/OpenSC/issues) +(note, that these issues are public!) or you can send email to any recently active +project developers frankmorgner(at)gmail.com, deengert(at)gmail.com and/or +jakuje(at)gmail.com . + +You can expect update on the issue no later than in two weeks.
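Review bot: In the "Reporting a Vulnerability" section, the first channel offered is a public GitHub issue, so a reporter reading top to bottom may disclose an unfixed vulnerability in the open; the parenthetical "(note, that these issues are public!)" warns about this but does not steer the reporter away from it. Suggest listing the private email contact first and keeping public issues for reports that are not sensitive. The contacts are three personal addresses with no shared alias and no key for encrypted mail, so a private report depends on one of those individuals being reachable and is sent in clear text. The closing line promises an update within two weeks but says nothing about when or how a fix will be disclosed. In "Supported Versions", "unless important security is discovered" is missing a noun (presumably "security issue"), and the table hard-codes 0.20.0, so it will need an edit with every release.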