From ba9df8406d9c6ed937db32737312275427ae3733 Mon Sep 17 00:00:00 2001
From: Joscha <34318751+josxha@users.noreply.github.com>
Date: Sat, 14 Sep 2024 13:56:18 +0200
Subject: [PATCH] Create SECURITY.md

---
 SECURITY.md | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..6c81afa4
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,30 @@
+# Security Policy
+
+## Acceptable Use
+
+We generally invite security researchers to search for vulnerabilities
+in our services. We kindly ask to not put any actual user data or
+production systems at risk.
+
+## Reporting Vulnerabilities
+
+Report vulnerabilities via e-mail to <info@joscha-eckert.de>. We do not
+offer a GPG key for encryption.
+
+Please make sure that you include the following information:
+
+- Which version is affected
+- How can the bug be used/exploited
+- Explanation of the risk
+
+If you have not received an answer within a couple of days, feel free
+to contact us again.
+
+For used open source software, we recommend to file bug reports and/or
+pull requests against the upstream repositories. This includes hardening
+instructions in the installation documentation.
+
+## About this Policy
+
+This policy is based on the MIT licensed security policy of
+[digitalfabrik/security-policy](https://github.com/digitalfabrik/security-policy).
\ No newline at end of file