Merge pull request #2069 from hackforla/krystalphn-security-policy

rayneng · web-flow · commit 65fd816b0121 · 2026-01-31T15:08:12.000-08:00
Create SECURITY.md
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,21 @@
+# Security Policy
+
+## Supported Versions
+This project supports the `main` branch only.
+
+## Reporting a Vulnerability
+If you discover a security vulnerability, please do **not** open a public issue.
+
+Instead, report it by emailing:
+311-data@hackforla.org
+
+Please include:
+- A description of the vulnerability
+- Steps to reproduce (if applicable)
+- Any relevant screenshots or logs
+
+## Response Timeline
+We aim to acknowledge security reports within 72 hours and will provide updates as appropriate.
+
+## Responsible Disclosure
+We ask that you give us a reasonable amount of time to respond before publicly disclosing any issues.
