From 7e51e717fb983f2620203420c800a4edcad58abc Mon Sep 17 00:00:00 2001
From: James Hewitt <james.hewitt@uk.ibm.com>
Date: Thu, 22 Sep 2022 23:40:10 +0100
Subject: [PATCH] Add information about security

Versions that will receive security fixes, and
how to report vulnerabilities to the maintainers.

Signed-off-by: James Hewitt <james.hewitt@uk.ibm.com>
---
 SECURITY.md | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..f79de790
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,15 @@
+# Security Policy
+
+## Supported Versions
+
+These versions are currently receiving security updates.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 3.0.x   | :white_check_mark: |
+| 2.7.x   | :white_check_mark: |
+| < 2.7   | :x:                |
+
+## Reporting a Vulnerability
+
+To report a security disclosure, emails the project maintainers on the maintainer mailing list: cncf-distribution-maintainers@lists.cncf.io