chore(policy): Security Vulnerability reporting (#1798)

Modeled after https://github.com/open-telemetry/opentelemetry-collector-contrib/security. Intended to be generic, will be used on all of our public repositories.
observIQ · Aug 14, 2024 · b167938 · b167938
1 parent 65b8b5e
commit b167938
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,14 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you find something suspicious and want to report it, we'd really appreciate!
+
+### Ways to Report
+
+In order for the vulnerability reports to reach maintainers as soon as possible, the preferred way is to use the
+`Report a vulnerability button` on the `Security` tab in the respective GitHub repository. It creates a private
+communication channel between the reporter and the maintainers.
+
+If you are absolutely unable to or have strong reasons not to use GitHub reporting workflow, please send an email
+to support@observiq.com.