From 788a2e7d5788af4c7b5da8ccc3a7b0570bcbec97 Mon Sep 17 00:00:00 2001
From: Richard Zak <richard.j.zak@gmail.com>
Date: Mon, 25 Dec 2023 11:15:26 -0500
Subject: [PATCH] doc: add security document

Signed-off-by: Richard Zak <richard.j.zak@gmail.com>
---
 SECURITY.md | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..6518694
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,10 @@
+## MalwareDB Security & Vulnerability Disclosure Process
+
+If any vulnerability or security issue is discovered in MalwareDB (or any repository under the [MalwareDB](https://github.com/malwaredb/) organization, please inform the maintainer via email at richard.j.zak *at* gmail.com. If you wish to communicate via GPG, send an email requesting a GPG public key, or send an email to rjzak *at* protonmail.ch.
+
+Please include:
+* The steps needed to reproduce the vulnerability;
+* The vulnerable version(s), preferably with Git hash (`git log -1`);
+* and any additional files to reproduce the vulnerability.
+
+Upon receipt, the maintainer will review, respond, and fix the vulnerability in a timely manner.