From 178c5bce0edbdee59fcf968823a8fab95cc783b9 Mon Sep 17 00:00:00 2001
From: adilger <adilger@dilger.ca>
Date: Tue, 27 Feb 2024 11:50:11 -0700
Subject: [PATCH] Create SECURITY.md

---
 SECURITY.md | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..4ddc4de
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,31 @@
+# Security Policy
+
+## Supported Versions
+
+The currently supported maintenance release is 2.15.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 2.15.x  | :white_check_mark: |
+| 2.12.x  | limited            |
+| 2.10.x  | :x:                |
+| 2.7.x   | :x:                |
+
+## Reporting a Vulnerability
+
+If you have details of a suspected security vulnerability in Lustre code that you
+wish to report then please email us at security@whamcloud.com with the details.
+
+Please do not file a public JIRA issue for a security vulnerability - we do not want
+to draw attention to the vulnerability until a fix has been developed and administrators
+have been alerted and have had some time to put a mitigation in place.
+
+Ideally the reporting email should have as much detail as possible:
+
+- reproducer, versions affected, fix if available, etc.
+- indicate to whom (individual and/or affiliation) that credit for finding the issue should be reported
+- details of any CVE already reserved
+- our intentions around disclosing the details of the vulnerability
+
+We aim to respond to any such reports within three business days of receipt.
+
-- 
1.8.3.1