From ebbc0f344b162ccc5b47f98c68a8684c345b6225 Mon Sep 17 00:00:00 2001
From: Tim Perry <pimterry@gmail.com>
Date: Fri, 26 Jan 2024 12:30:13 +0100
Subject: [PATCH] Add security report policy

---
 README.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/README.md b/README.md
index 3aa15d3..d0319cf 100644
--- a/README.md
+++ b/README.md
@@ -181,3 +181,7 @@ To actually make your changes, you just need to set up the codebase:
 * `npm run build` - compiles the code
 * `npm test` - no tests for now, so this just checks the code compiles (it's the same as `build`). Tests welcome!
 * `npm run storybook` - starts up the storybook and opens it in your browser. You'll probably need to `npm run build` first, and again later if you make changes in `src/`.
+
+## Security contact information
+
+To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security). Tidelift will coordinate the fix and disclosure.
\ No newline at end of file