From ef852a52f96b87fc7c4912888e0f286b6455ef05 Mon Sep 17 00:00:00 2001
From: Heath Stewart <heaths@outlook.com>
Date: Mon, 10 Feb 2020 21:12:18 -0800
Subject: [PATCH] Add security policy (#7327)

---
 README.md   | 4 ++++
 SECURITY.md | 8 ++++++++
 2 files changed, 12 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/README.md b/README.md
index c320ac68e5c2..939e7936386c 100644
--- a/README.md
+++ b/README.md
@@ -544,6 +544,10 @@ The `PollingDelay` and `PollingDuration` values are used exclusively by [WaitFor
 - Azure API docs are at [docs.microsoft.com/rest/api](https://docs.microsoft.com/rest/api/).
 - General Azure docs are at [docs.microsoft.com/azure](https://docs.microsoft.com/azure).
 
+## Reporting security issues and security bugs
+
+Security issues and bugs should be reported privately, via email, to the Microsoft Security Response Center (MSRC) <secure@microsoft.com>. You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Further information, including the MSRC PGP key, can be found in the [Security TechCenter](https://www.microsoft.com/msrc/faqs-report-an-issue).
+
 ## License
 
 Apache 2.0, see [LICENSE](./LICENSE).
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000000..79589f291845
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,8 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+Security issues and bugs should be reported privately, via email, to the Microsoft Security Response Center (MSRC) <secure@microsoft.com>. You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Further information, including the MSRC PGP key, can be found in the [Security TechCenter](https://www.microsoft.com/msrc/faqs-report-an-issue).
+
+Please do not open issues for anything you think might have a security implication.
+