From 4af8d493103e1bc9511fa30a140295199ca8d95d Mon Sep 17 00:00:00 2001
From: Theresa Gresch <theresagresch@gmail.com>
Date: Mon, 31 May 2021 17:06:18 +0200
Subject: [PATCH] Create SECURITY.md

---
 SECURITY.md | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..c63be254b
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,20 @@
+# Security Policy
+
+When you think you've discovered a security issue, please contact us at hello@photoprism.app.
+
+Your report should at least include the following:
+
+- Version and architecture
+- Vulnerability description
+- Reproduction steps
+
+We will then try to reproduce it, determine the impact, and get back to you as soon as possible.
+
+Please also report vulnerabilities in third-party applications.
+
+### Responsible Disclosure ###
+
+- Only test for vulnerabilities on your own PhotoPrism instance
+- Confirm the vulnerability applies to a supported version
+- Share vulnerability details with us first
+- Wait for a fix before publicly sharing details