From eb65c4f07f747694f9e96726acee1a65badb8e03 Mon Sep 17 00:00:00 2001
From: Fabian Kaczmarczyck <kaczmarczyck@google.com>
Date: Fri, 9 Jul 2021 11:32:31 +0200
Subject: [PATCH] adds and links new security policy

---
 README.md   | 4 ++++
 SECURITY.md | 4 ++++
 2 files changed, 8 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/README.md b/README.md
index 5d16c8be..3a51ee25 100644
--- a/README.md
+++ b/README.md
@@ -202,3 +202,7 @@ cargo run --manifest-path tools/heapviz/Cargo.toml -- --logfile console.log --fp
 ## Contributing
 
 See [Contributing.md](docs/contributing.md).
+
+## Reporting a Vulnerability
+
+See [SECURITY.md](SECURITY.md).
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..ce1f393f
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,4 @@
+To report a security issue, please use http://g.co/vulnz. We use
+http://g.co/vulnz for our intake, and do coordination and disclosure here on
+GitHub (including using GitHub Security Advisory). The Google Security Team will
+respond within 5 working days of your report on g.co/vulnz.