From 60ba59ebfdcced2a8ce99ce15dd91a1804096fc3 Mon Sep 17 00:00:00 2001
From: mattwiese-aptible <113056322+mattwiese-aptible@users.noreply.github.com>
Date: Tue, 28 Feb 2023 14:14:49 -0500
Subject: [PATCH] Create SECURITY.md

---
 SECURITY.md | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..ff1febe
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,23 @@
+# Aptible Open Source Security Policies and Procedures
+
+This document outlines security procedures and general policies for the Aptible open source projects as found on https://github.com/aptible.
+
+  * [Reporting a Vulnerability](#reporting-a-vulnerability)
+  * [Responsible Disclosure Policy](#responsible-disclosure-policy)
+
+## Reporting a Vulnerability 
+
+The Aptible team and community take all security vulnerabilities
+seriously. Thank you for improving the security of our open source software. We appreciate your efforts and responsible disclosure and will make every effort to acknowledge your contributions.
+
+Report security vulnerabilities by emailing the Aptible security team at:
+    
+    security@aptible.com
+
+Security researchers can also privately report security vulnerabilities to repository maintainers using the GitHub "Report a Vulnerability" feature. [See how-to here](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability).
+
+The Aptible team will acknowledge your email within 24 business hours and send a detailed response within 48 business hours indicating the next steps in handling your report. The Aptible security team will keep you informed of the progress and may ask for additional information or guidance.
+
+## Responsible Disclosure Policy
+
+Please see Aptible's Responsible Disclosure Policy here: https://www.aptible.com/legal/responsible-disclosure/