From 2bce489159b530a6717fcbf1813bc2903d120a85 Mon Sep 17 00:00:00 2001
From: Roderick van Domburg <roderick@vandomburg.net>
Date: Mon, 1 Aug 2022 22:46:05 +0200
Subject: [PATCH] Create SECURITY.md

---
 SECURITY.md | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..6a1c6b2e
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,20 @@
+# Security Policy
+
+## Supported Versions
+
+We will support the latest release and main development branch with security updates.
+
+## Reporting a Vulnerability
+
+If you believe to have found a vulnerability in `librespot` itself or as a result from
+one of its dependencies, please report it by contacting one or more of the active
+maintainers directly, allowing no less than three calendar days to receive a response.
+
+If you believe that the vulnerability is public knowledge or already being exploited
+in the wild, regardless of having received a response to your direct messages or not,
+please create an issue report to warn other users about continued use and instruct
+them on any known workarounds.
+
+On your report you may expect feedback on whether we believe that the vulnerability
+is indeed applicable and if so, when and how it may be fixed. You may expect to
+be asked for assistance with review and testing.