From 68101114ced530d5465b3ca40e6f92f74ec7610c Mon Sep 17 00:00:00 2001 From: Callum Farmer Date: Fri, 6 Sep 2024 16:42:53 +0100 Subject: [PATCH] Add security policy Requires 'Private vulnerability reporting' be enabled on GitHub --- SECURITY.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..263a91e --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,18 @@ +# Security Policy + +## Supported Versions + +| Version | Supported | +| ------- | ------------------ | +| 4.0.x | :white_check_mark: | +| 3.0.x | :x: | +| 3.0a | :x: | + +## Reporting a Vulnerability + +Please provide: +1. Details of how the EFI binary was produced +2. Where the vulnerability is found in gnu-efi's source code (if known) +3. Steps to (re-)produce the vulnerability + +[Report here](https://github.com/ncroxon/gnu-efi/security/advisories/new)
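Review bot: The "Reporting a Vulnerability" list in SECURITY.md does not ask for the gnu-efi version or commit the report applies to, even though the "Supported Versions" table above it limits support to 4.0.x. Without that, a report cannot be triaged against the table. Consider adding an item such as "4. The gnu-efi version or commit used". The "Report here" link is also the only reporting channel given, and the commit message notes that it requires 'Private vulnerability reporting' to be enabled on GitHub. If that setting is off, a reporter has no private channel to fall back on, so either confirm it is enabled before merging or list an alternative contact in the file.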