From deeed79fbd3e593a11d3729b5f06faf03b2021b9 Mon Sep 17 00:00:00 2001
From: qexat <contact@qexat.com>
Date: Wed, 24 Apr 2024 19:08:48 +0200
Subject: [PATCH] meta: add security policy

---
 SECURITY.md | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..dc564c1
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,25 @@
+# Security Policy
+
+## Supported Versions
+
+As a rule of thumb, check the major number of the current release.
+Any major number less than that should be considered unsupported *unless* there is an incentive to support it (such as high(er) popularity/use).
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 2.x.x   | :white_check_mark: |
+| < 2.0   | :x:                |
+
+> [!NOTE]
+> If you have a critical project that depends on a vulnerable, unsupported version such that you cannot upgrade,
+> please contact me so that we can make arrangements to provide a patch. However, this will not be free of charge.
+
+## Reporting a Vulnerability
+
+If you think you have found a security vulnerability, please contact contact@qexat.com.
+If you haven't gotten any response in the following 7 days, please reach me out on Discord at `qexat`.
+
+## Not sure if this is a Vulnerability
+
+If you found a bug and are uncertain about whether it constitutes a vulnerability or not, please contact me anyway.
+We will discuss if it is one, and if you can report the bug via the usual tracker.