From f7494da0b8349d757b5313dc22f4c0443a91dbd9 Mon Sep 17 00:00:00 2001
From: Dominic Schabel <dominic.schabel@bosch.io>
Date: Tue, 23 Feb 2021 10:15:47 +0100
Subject: [PATCH] How to report vulnerability

Signed-off-by: Dominic Schabel <dominic.schabel@bosch.io>
---
 .github/SECURITY.md | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 .github/SECURITY.md

diff --git a/.github/SECURITY.md b/.github/SECURITY.md
new file mode 100644
index 000000000..e0432d2c2
--- /dev/null
+++ b/.github/SECURITY.md
@@ -0,0 +1,4 @@
+# Reporting a Security Vulnerability
+
+If you find a vulnerability, **DO NOT** disclose it in the public immediately! Instead, give us the possibility to fix it beforehand.
+So please don’t report your finding using GitHub issues and better head over to [https://eclipse.org/security](https://eclipse.org/security) and learn how to disclose a vulnerability in a safe and responsible manner