From 36607745d1c1d26dc68cb93d62aa467c822ca2a9 Mon Sep 17 00:00:00 2001
From: Norman Joyner <norman.joyner@gmail.com>
Date: Thu, 1 Jan 2026 22:42:51 -0500
Subject: [PATCH] Add security policy

---
 .github/SECURITY.md | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 .github/SECURITY.md

diff --git a/.github/SECURITY.md b/.github/SECURITY.md
new file mode 100644
index 0000000..b20ad63
--- /dev/null
+++ b/.github/SECURITY.md
@@ -0,0 +1,24 @@
+# Halcyon Security Policy
+
+Version: **v1.0 (2026-01-01)**
+
+## Supported Versions
+
+We currently support the last 3 minor versions of Halcyon with security and bug fixes.
+
+We regularly perform patch releases for supported versions, which contain fixes for
+security vulnerabilities as well as important bugs. Prior releases might receive
+critical security fixes on best effort basis; however, it is not guaranteed that
+security fixes get back-ported to unsupported versions.
+
+## Reporting a Vulnerability
+
+If you discover a security issue in Halcyon, please report it responsibly,
+giving us time to investigate and fix the problem.
+We’ll do our best to respond quickly and work with you on a solution; however,
+it may take a bit longer at times, so we appreciate your patience.
+
+Security advisories are published via [GitHub Security Advisories](https://github.com/halcyonproj/halcyon/security/advisories)
+to ensure our userbase is abreast of such issues.
+
+To report a vulnerability, [open a GitHub Security Advisory](https://github.com/halcyonproj/halcyon/security/advisories/new).