From 51324e3b59130e79dd937253f1286c8a5fb9f3ce Mon Sep 17 00:00:00 2001
From: Ry Jones <ry@linux.com>
Date: Wed, 25 Sep 2019 10:18:23 -0700
Subject: [PATCH] [IN-68] Add default GitHub SECURITY policy

Signed-off-by: Ry Jones <ry@linux.com>
Change-Id: Ic31e7d354c547092dddaa3d8619ce94783864395
---
 SECURITY.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..91509aa05
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,12 @@
+# Hyperledger Security Policy
+
+## Reporting a Security Bug
+
+If you think you have discovered a security issue in any of the Hyperledger projects, we'd love to hear from you. We will take all security bugs seriously and if confirmed upon investigation we will patch it within a reasonable amount of time and release a public security bulletin discussing the impact and credit the discoverer.
+
+There are two ways to report a security bug. The easiest is to email a description of the flaw and any related information (e.g. reproduction steps, version) to [security at hyperledger dot org](mailto:security@hyperledger.org).
+
+The other way is to file a confidential security bug in our [JIRA bug tracking system](https://jira.hyperledger.org). Be sure to set the “Security Level” to “Security issue”.
+
+The process by which the Hyperledger Security Team handles security bugs is documented further in our [Defect Response page](https://wiki.hyperledger.org/display/HYP/Defect+Response) on our [wiki](https://wiki.hyperledger.org).
+