hmcts · mpope13 · Mar 5, 2026 · Mar 4, 2026 · Mar 5, 2026 · Mar 5, 2026
@@ -15,7 +15,13 @@ Use the links below as a guide to support decision making in relation to code in
 
 - [Pre-release Code Checklist] (https://tools.hmcts.net/confluence/spaces/DATS/pages/1903995798/2.+Pre-release+code+checklist) – Steps to validate code is suitable to be released into a public repository.
 
-- [Code in Private Repo Exception Process] (https://tools.hmcts.net/confluence/spaces/DATS/pages/1903995831/3.+Code+in+Private+Repo+Exception+Process) – How to request and manage exceptions for private repositories.
+## Vulnerability reporting
+
+A SECURITY.md file defines a projects vulnerability reporting process, giving researchers a private, responsible disclosure channel instead of public issue trackers. It sets clear expectations around supported versions and response timelines, reduces exploitation risk, builds community trust, and signals security maturity — recognized natively by platforms like GitHub.
+
+The security.md template file can be found in the link below
+
+https://github.com/hmcts/hmcts.github.io/blob/main/security.md
 
 Use these guidelines to keep your code reliable, secure, and compliant.