From af867091f30e960e56a8af5a8c2e205a7d39b915 Mon Sep 17 00:00:00 2001
From: Brian Cipriano <cipriano@google.com>
Date: Thu, 25 Jul 2019 17:03:30 -0700
Subject: [PATCH] Add a security policy. (#393)

---
 SECURITY.md | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..aab68760d
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,25 @@
+# Security and OpenCue
+
+The OpenCue Technical Steering Committee (TSC) takes security very
+seriously. We strive to design secure software, and utilize continuous 
+integration and code analysis tools to help identify potential 
+vulnerabilities.
+
+## Reporting Vulnerabilities
+
+Quickly resolving security related issues is a priority. If you think
+you've found a potential vulnerability in OpenCue, please report it by
+emailing <opencue-tsc-private@lists.aswf.io>. Only TSC members and ASWF
+project management have access to these messages.
+
+Include detailed steps to reproduce the issue, and any other information that
+could aid an investigation. Someone will assess the report and make every
+effort to respond within 14 days.
+
+## Outstanding Security Issues
+
+None
+
+## Addressed Security Issues
+
+None