From 3801e3da7f88910f0b58e5361fb806ee741174f3 Mon Sep 17 00:00:00 2001 From: Eric VanArtsdalen <51057632+eric-vanartsdalen@users.noreply.github.com> Date: Tue, 24 Mar 2026 20:49:54 +0000 Subject: [PATCH] Revise security policy with reporting and disclosure info Updated the security policy to include reporting guidelines and disclosure expectations. --- SECURITY.md | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..43f6dab0f --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,28 @@ +# Security Policy + +## Reporting a Vulnerability + +Please do **not** use public GitHub issues, discussions, or pull requests for security reports. + +For suspected vulnerabilities, please use **GitHub Private Vulnerability Reporting** via the repository's **Security** tab. + +## Please Include + +- Description of the vulnerability +- Affected area and versions, if known +- Reproduction steps or proof of concept +- Expected impact +- Suggested remediation, if available + +## Disclosure + +Please allow time for investigation and remediation before public disclosure. We will try to acknowledge reports within a timely manor. + +## Public Channels + +Please do not post undisclosed vulnerabilities in: + +- GitHub Issues +- GitHub Discussions +- Pull Requests +-
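Review bot: In the Disclosure section, "within a timely manor" should read "in a timely manner". The sentence also commits to nothing a reporter can plan around, so consider stating a concrete acknowledgement window (a specific number of business days) and whether reporters will be told when a fix ships. The Reporting section sends all reports through GitHub Private Vulnerability Reporting but names no fallback. That feature has to be enabled in the repository settings before the Security tab offers a report form, so confirm it is enabled before merging and consider adding a secondary private contact. The last added line, as it appears here, is a bare "-" after "- Pull Requests", which leaves an empty bullet; either complete the item or drop it. The Public Channels list also repeats the three channels already named in the first paragraph under Reporting a Vulnerability, so the two could be merged.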