From 0868e73d2c720839dfe7cc519335eed893bea534 Mon Sep 17 00:00:00 2001
From: InSync <insyncwithfoo@gmail.com>
Date: Tue, 18 Feb 2025 21:42:55 +0700
Subject: [PATCH] Add `SECURITY.md` (#16224)

## Summary

Resolves #16206.

The file was copied almost verbatim from
[uv's](https://github.com/astral-sh/uv/blob/929e7c3ad96ff6b14aeb60527e6a4526ed24ec43/SECURITY.md),
with the first section removed.

## Test Plan

None.
---
 SECURITY.md | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000000..13a07e45eb
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,15 @@
+# Security policy
+
+## Reporting a vulnerability
+
+If you have found a possible vulnerability, please email `security at astral dot sh`.
+
+## Bug bounties
+
+While we sincerely appreciate and encourage reports of suspected security problems, please note that
+Astral does not currently run any bug bounty programs.
+
+## Vulnerability disclosures
+
+Critical vulnerabilities will be disclosed via GitHub's
+[security advisory](https://github.com/astral-sh/ruff/security) system.