From a92cb5dd7b8b0bac96171b994f2b9b7a815604f4 Mon Sep 17 00:00:00 2001
From: Derek Bailey <derekbailey@google.com>
Date: Wed, 19 May 2021 11:55:50 -0700
Subject: [PATCH] Create Security.md

Defining our security reporting process.
---
 SECURITY.md | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..c61f66f84
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,11 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+To report a security issue, please use http://g.co/vulnz. We use
+http://g.co/vulnz for our intake, and do coordination and disclosure here on
+GitHub (including using GitHub Security Advisory). The Google Security Team will
+respond within 5 working days of your report on g.co/vulnz.
+
+Select the `I want to report a technical security or an abuse risk related bug
+in a Google product (SQLi, XSS, etc.)` option and complete the form.