From 22806bf3649be2814fff6b7a40c183e78feb767d Mon Sep 17 00:00:00 2001
From: Saurabh Misra <misra.saurabh1@gmail.com>
Date: Wed, 6 Aug 2025 18:50:57 -0700
Subject: [PATCH] Create SECURITY.md

---
 SECURITY.md | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..c2c0874d2
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,19 @@
+# Security Policy
+
+This document outlines Codeflash's vulnerability disclosure policy. For more information about Codeflash's approach to security, please visit [codeflash.ai/security](https://www.codeflash.ai/security).
+
+## Supported Versions
+
+Since Codeflash is moving quickly, we can only commit to fixing security issues for the latest version of codeflash client.
+If a vulnerability is discovered in our backend, we will release the fix for all the users.
+
+## Reporting a Vulnerability
+
+
+Please do not report security vulnerabilities through public GitHub issues.
+
+Instead, please report them to our [GitHub Security page](https://github.com/codeflash-ai/codeflash/security). If you prefer to submit one without using GitHub, you can also email us at security@codeflash.ai.
+
+We commit to acknowledging vulnerability reports immediately, and will work to fix active vulnerabilities as soon as we can. We will publish resolved vulnerabilities in the form of security advisories on our GitHub security page. Critical incidents will be communicated both on the GitHub security page and via email to all affected users.
+
+We appreciate your help in making Codeflash more secure for everyone. Thank you for your support and responsible disclosure.