From 7ae1ddfe4d53139d695c863a70350a8917cafc86 Mon Sep 17 00:00:00 2001 From: Marc Ransome Date: Fri, 12 Jul 2024 23:28:03 +0100 Subject: [PATCH] Add security policy --- SECURITY.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..02fc56a --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,14 @@ +# Security Policy + +## Supported Versions + +Patches for security vulnerabilities will be made available at the earliest opportunity. The versions that are eligible for such patches depend on the [CVSS v4.0](https://www.first.org/cvss/v4-0/) severity rating: + +| CVSS v4.0 | Supported Versions | +| --------- | ----------------------------------------- | +| 9.0-10.0 | Releases within the previous three months | +| 4.0-8.9 | Most recent release | + +## Reporting a Vulnerability + +In the first instance, please report suspected security vulnerabilities using [private vulnerability reporting](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability) by navigating to the [Security](https://github.com/fish-shop/syntax-check/security) tab of this repository and clicking "Report a vulnerability". Alternatively, submit your report by email to **[marc.ransome@fidgetbox.co.uk](mailto:marc.ransome@fidgetbox.co.uk)**. You should generally expect a response within 48 hours.
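Review bot: The "Supported Versions" table in the new SECURITY.md has rows for CVSS v4.0 scores 9.0-10.0 and 4.0-8.9 only, so a reporter cannot tell whether a finding scored below 4.0 will be patched at all. Add a row or a sentence covering that range, even if it only says such issues are fixed in the next regular release or not backported. In the same table, "Releases within the previous three months" does not say what the three months are counted from (the report date, the advisory date or the fix date), and stating the reference point would remove that ambiguity. In "Reporting a Vulnerability", the email alternative gives no way to encrypt the report. Either publish a public key next to the address or note that sensitive details should go through private vulnerability reporting only. The 48-hour figure covers the first response, so a short line on what follows (triage, fix and disclosure expectations) would round the section off.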