From f65feff1f950533629e9c96226e6b7381e2b0933 Mon Sep 17 00:00:00 2001
From: Winni Neessen <wn@neessen.net>
Date: Sun, 17 Mar 2024 21:32:57 +0100
Subject: [PATCH] Create SECURITY.md

---
 SECURITY.md | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..f64ad28
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,38 @@
+<!--
+SPDX-FileCopyrightText: 2021-2024 Winni Neessen <wn@neessen.dev>
+
+SPDX-License-Identifier: CC0-1.0
+-->
+
+# Security Policy
+
+## Reporting a Vulnerability
+
+To report (possible) security issues in apg-go, please either send a mail to 
+[security@neessen.dev](mailto:security@neessen.dev) or use Github's 
+[private reporting feature](https://github.com/wneessen/apg-go/security/advisories/new).
+Reports are always welcome. Even if you are not 100% certain that a specific issue you found
+counts as a security issue, we'd love to hear the details, so we can figure out together if
+the issue in question needds to be addressed.
+
+Typically, you will receive an answer within a day or even within a few hours.
+
+## Encryption
+You can send OpenPGP/GPG encrpyted mails to the [security@neessen.dev](mailto:security@neessen.dev) address.
+
+OpenPGP/GPG public key:
+```
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+xjMEZfdSjxYJKwYBBAHaRw8BAQdA8YoxV0iaLJxVUkBlpC+FQyOiCvWPcnnk
+O8rsfRHT22bNK3NlY3VyaXR5QG5lZXNzZW4uZGV2IDxzZWN1cml0eUBuZWVz
+c2VuLmRldj7CjAQQFgoAPgWCZfdSjwQLCQcICZAajWCli0ncDgMVCAoEFgAC
+AQIZAQKbAwIeARYhBB6X6h8oUi9vvjcMFxqNYKWLSdwOAACHrQEAmfT2HNXF
+x1W0z6E6PiuoHDU6DzZ1MC6TZkFfFoC3jJ0BAJZdZnf6xFkVtEAbxNIVpIkI
+zjVxgI7gefYDXbqzQx4PzjgEZfdSjxIKKwYBBAGXVQEFAQEHQBdOGYxMLrCy
++kypzTe9jgaEOjob2VVsZ2UV2K9MGKYYAwEIB8J4BBgWCgAqBYJl91KPCZAa
+jWCli0ncDgKbDBYhBB6X6h8oUi9vvjcMFxqNYKWLSdwOAABIFAEA3YglATpF
+YrJxatxHb+yI6WdhhJTA2TaF2bxBl10d/xEA/R5CKbMe3kj647gjiQ1YXQUh
+dM5AKh9kcJn6FPLEoKEM
+=nm5C
+-----END PGP PUBLIC KEY BLOCK-----
+```