From da60fa0047092bb59ca3146380745ed7bb6b5c74 Mon Sep 17 00:00:00 2001
From: larabr <larabr@protonmail.com>
Date: Fri, 23 Jul 2021 14:06:34 +0200
Subject: [PATCH] Add security policy (#1388)

---
 SECURITY.md | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..5f465ffba
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,7 @@
+## Reporting Security Issues
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+If you believe you have found a security vulnerability in OpenPGP.js, please report it via email to [security@openpgpjs.org](mailto:security@openpgpjs.org). If possible, encrypt your message with our PGP key: it can be downloaded automatically using [WKD](https://wiki.gnupg.org/WKD), or manually on [openpgpjs.org](https://openpgpjs.org/.well-known/openpgpkey/hu/t5s8ztdbon8yzntexy6oz5y48etqsnbb?l=security).
+
+You should receive a response within 2 working days.
\ No newline at end of file