From 0a03aed5880d9b6e4e3b80fb7b54c43e763b11d5 Mon Sep 17 00:00:00 2001
From: Jordan Rose <jrose@signal.org>
Date: Wed, 17 Mar 2021 17:52:47 -0700
Subject: [PATCH] Add SECURITY.md so that GitHub can display it

The content matches our support article "How can I report a security
vulnerability?", with tweaks to make it clearer what is or isn't in
scope.

https://support.signal.org/hc/en-us/articles/360007320791-How-can-I-report-a-security-vulnerability-
---
 SECURITY.md | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..6c9d93b6
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,9 @@
+If you've found a security vulnerability in Signal, please report it via email to
+<security@signal.org>.
+
+Please only use this address to report security flaws in the Signal application (including this
+repository). For questions, support, or feature requests concerning the app, please submit a
+[support request][] or join the [unofficial community forum][].
+
+[support request]: https://support.signal.org/hc/requests/new
+[unofficial community forum]: https://community.signalusers.org/