From 2721f1f7c9e8ac255ecc8f5541eb27c2fbe93a56 Mon Sep 17 00:00:00 2001
From: Winni Neessen <winfried.neessen@cleverbridge.com>
Date: Wed, 20 Mar 2024 20:55:33 +0100
Subject: [PATCH] Add SECURITY.md with vulnerability reporting procedures

SECURITY.md file has been added which contains instructions on how to report a possible security issue in js-mailer. This incorporates details for private messaging or email, typical response times, and an OpenPGP/GPG public key for encrypted communication.
---
 SECURITY.md | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..8968104
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,38 @@
+<!--
+SPDX-FileCopyrightText: 2021-2024 Winni Neessen <wn@neessen.dev>
+
+SPDX-License-Identifier: CC0-1.0
+-->
+
+# Security Policy
+
+## Reporting a Vulnerability
+
+To report (possible) security issues in js-mailer, please either send a mail to 
+[security@neessen.dev](mailto:security@neessen.dev) or use Github's 
+[private reporting feature](https://github.com/wneessen/js-mailer/security/advisories/new).
+Reports are always welcome. Even if you are not 100% certain that a specific issue you found
+counts as a security issue, we'd love to hear the details, so we can figure out together if
+the issue in question needds to be addressed.
+
+Typically, you will receive an answer within a day or even within a few hours.
+
+## Encryption
+You can send OpenPGP/GPG encrpyted mails to the [security@neessen.dev](mailto:security@neessen.dev) address.
+
+OpenPGP/GPG public key:
+```
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+xjMEZfdSjxYJKwYBBAHaRw8BAQdA8YoxV0iaLJxVUkBlpC+FQyOiCvWPcnnk
+O8rsfRHT22bNK3NlY3VyaXR5QG5lZXNzZW4uZGV2IDxzZWN1cml0eUBuZWVz
+c2VuLmRldj7CjAQQFgoAPgWCZfdSjwQLCQcICZAajWCli0ncDgMVCAoEFgAC
+AQIZAQKbAwIeARYhBB6X6h8oUi9vvjcMFxqNYKWLSdwOAACHrQEAmfT2HNXF
+x1W0z6E6PiuoHDU6DzZ1MC6TZkFfFoC3jJ0BAJZdZnf6xFkVtEAbxNIVpIkI
+zjVxgI7gefYDXbqzQx4PzjgEZfdSjxIKKwYBBAGXVQEFAQEHQBdOGYxMLrCy
++kypzTe9jgaEOjob2VVsZ2UV2K9MGKYYAwEIB8J4BBgWCgAqBYJl91KPCZAa
+jWCli0ncDgKbDBYhBB6X6h8oUi9vvjcMFxqNYKWLSdwOAABIFAEA3YglATpF
+YrJxatxHb+yI6WdhhJTA2TaF2bxBl10d/xEA/R5CKbMe3kj647gjiQ1YXQUh
+dM5AKh9kcJn6FPLEoKEM
+=nm5C
+-----END PGP PUBLIC KEY BLOCK-----
+```