From a6a863e89a4313e0055df94fa9b7d46bcacf7994 Mon Sep 17 00:00:00 2001
From: David Kocher <dkocher@iterate.ch>
Date: Mon, 13 Jan 2025 09:29:07 +0100
Subject: [PATCH] Publish security policy.

---
 SECURITY.md | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000000..4dc2bb9e62
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,25 @@
+# Security Policy
+
+## Supported Versions
+
+Only the [latest](https://cyberduck.io/changelog/) version is supported with security updates.
+
+## Reporting a Vulnerability
+
+We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your
+contributions.
+
+To report a security vulnerability, use
+the [GitHub Security Advisory feature](https://github.com/iterate-ch/cyberduck/security/advisories). This feature allows
+you to privately discuss, fix, and publish information about security vulnerabilities.
+
+Please include as much of the information listed below as you can to help us better understand and resolve the issue:
+
+* Any special configuration required to reproduce the issue
+* Step-by-step instructions to reproduce the issue
+* Proof-of-concept or exploit code (if possible)
+* Impact of the issue, including how an attacker might exploit the issue
+
+## Preferred Language
+
+We prefer all communications to be in English.
\ No newline at end of file