From 5189497ecf493fd36ab9d757dc6d69094ca28ae4 Mon Sep 17 00:00:00 2001
From: Yannick Marcon <yannick.marcon@obiba.org>
Date: Fri, 8 Nov 2024 15:37:37 +0100
Subject: [PATCH] Create SECURITY.md

---
 SECURITY.md | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000000..595ca02711
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,18 @@
+# Security Policy
+
+## Supported Versions
+
+OBiBa follows [semantic versioning](https://semver.org/) recommendations.
+
+We use various code scanning services to automatically detect any new vulnerabilities.
+
+Due to limited maintenance resources, only the branch of the latest release is updated with patch fixes as soon as a vulnerability is discovered. If a vulnerability is design-related a minor version will be prepared instead. 
+
+Note that we provide limited free support to previous branches: we always make sure that new releases are backward compatible, then the recommendation is to always use the latest version. In case an upgrade to latest major/minor version is not possible, we can set up a commercial agreement to backport corrections to previous branches.
+
+## Reporting a Vulnerability
+
+You can report a vulnerability by:
+
+* Using the `Report a vulneralibity` service of GitHub from the repository page, `Security` section.
+* By sending an email at dev@obiba.org.
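Review bot: The first bullet under `Reporting a Vulnerability` misspells the GitHub feature as `Report a vulneralibity`; it should read `Report a vulnerability` so that readers can match it to the button in the repository's `Security` section. The second bullet repeats "By" after the "You can report a vulnerability by:" lead-in, so "Sending an email to dev@obiba.org" would read better and keep the two items parallel. The `Supported Versions` section says only the branch of the latest release receives patch fixes but never names that branch or says where to find the current release number, so a reader cannot tell from this file whether their version is covered. It would also help to state whether dev@obiba.org is a private mailbox, what a report should contain, and when the reporter can expect an acknowledgement. Minor: the line beginning "Due to limited maintenance resources" ends with a trailing space, and "If a vulnerability is design-related" needs a comma before "a minor version".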