From eaae0e3aec1233ee9554c96305c8875645e2e866 Mon Sep 17 00:00:00 2001
From: Gustaw Lippa <34194983+gustawlippa@users.noreply.github.com>
Date: Fri, 25 Feb 2022 11:03:53 +0100
Subject: [PATCH] Create SECURITY.md

---
 .github/SECURITY.md | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 .github/SECURITY.md

diff --git a/.github/SECURITY.md b/.github/SECURITY.md
new file mode 100644
index 0000000000..9a05610f94
--- /dev/null
+++ b/.github/SECURITY.md
@@ -0,0 +1,21 @@
+# Security Policy
+
+## Supported Versions
+
+We support the newest major version of MongooseIM based on the two latest OTP versions.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 5.x     | :white_check_mark: |
+| < 5.0   | :x:                |
+
+## Reporting a Vulnerability
+
+To report a vulnerability please contact us at mongoose-im@erlang-solutions.com.
+
+We will try to get back to you as quickly as we can, given that we are a relatively small, open-source team.
+If the vulnerability is confirmed, we will try to patch it as soon as our resources allow.
+
+We do not provide a bug bounty.
+
+We proudly support the [Erlang Ecosystem Foundation](https://erlef.org/), which includes the [Security Working Group](https://erlef.org/wg/security).