From 20373aadcb56b00ebb8c7ee7d9f4f2d94baf1686 Mon Sep 17 00:00:00 2001
From: "Spencer C. Imbleau" <spencer@imbleau.com>
Date: Thu, 27 Mar 2025 10:44:06 -0400
Subject: [PATCH] Create SECURITY.md

Add a security policy for potential CVEs.
---
 SECURITY.md | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..a926960
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,5 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+Discussion of security relating to swash happens in the [Linebender Zulip](https://xi.zulipchat.com/), specifically the [#parley channel](https://xi.zulipchat.com/#narrow/channel/205635-parley). All public content can be read without logging in. Depending on the severity of a potential vulnerability, consider privately messaging administrators of the Zulip channel.