From ca61d6e2afdd10f9f72f724a1dd64b18b6363d23 Mon Sep 17 00:00:00 2001
From: Mahavir Jain <mahavir@espressif.com>
Date: Fri, 24 Jun 2022 11:11:38 +0800
Subject: [PATCH] Add security policy guidelines

Add basic information about process for reporting security vulnerabilities in Espressif solutions.

This filename is recognized by GitHub:
https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository
---
 SECURITY.md | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000000..a8ef33fecf
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,9 @@
+# Security Policy
+
+## Supported Versions
+
+Please refer to https://docs.espressif.com/projects/esp-idf/en/latest/esp32/versions.html#support-periods for more details on ESP-IDF supported versions and support period policy.
+
+## Reporting a Vulnerability
+
+If you think you have found a security vulnerability in Espressif solutions (including ESP-IDF), then please send an email to our Bug Bounty team at bugbounty@espressif.com. Please do **NOT** create a public GitHub issue.