From 115b4b70b1c3bf07606b9939b0c92b4264ab2cf4 Mon Sep 17 00:00:00 2001
From: Wade Simmons <wadey@slack-corp.com>
Date: Tue, 9 May 2023 11:25:21 -0400
Subject: [PATCH] add SECURITY.md (#864)

* add SECURITY.md

Fixes: #699

* add Security mention to New issue template

* cleanup
---
 .github/ISSUE_TEMPLATE/config.yml |  4 ++++
 SECURITY.md                       | 12 ++++++++++++
 2 files changed, 16 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
index 94e2c6b..9c675ca 100644
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -11,3 +11,7 @@ contact_links:
   - name: 📱 Mobile Nebula
     url: https://github.com/definednet/mobile_nebula
     about: 'This issue tracker is not for mobile support. Try the Mobile Nebula repo instead!'
+
+  - name: 🔒 Report Security Vulnerability
+    url: https://github.com/slackhq/nebula/blob/master/SECURITY.md
+    about: 'Please view SECURITY.md to learn how to report security vulnerabilities.'
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..bfff621
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,12 @@
+Security Policy
+===============
+
+Reporting a Vulnerability
+-------------------------
+
+If you believe you have found a security vulnerability with Nebula, please let
+us know right away. We will investigate all reports and do our best to quickly
+fix valid issues.
+
+You can submit your report on [HackerOne](https://hackerone.com/slack) and our
+security team will respond as soon as possible.