Add security policy (#1342) * Add security policy Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com> * Remove email, ask for version, description optional --------- Signed-off-by: Pedro Kaj Kjellerup Nacht <pnacht@google.com>

commit: fc3fe26ef6a57ac6046839960ae6f069fdc33ee8 [log] [tgz]
author: Pedro Nacht <pnacht@google.com> Mon Apr 17 15:16:02 2023 -0300
committer: GitHub <noreply@github.com> Mon Apr 17 11:16:02 2023 -0700
tree: 958bf0adfd25e95b39749a3ccbbcb5fa1d90f4d8
parent: 56d6036e5fc73417dd1e0b0077a2a8822d902b94 [diff]
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..5623beb
--- /dev/null
+++ b/SECURITY.md

@@ -0,0 +1,16 @@
+# Security Policy
+
+If you have discovered a security vulnerability in this project, please report it
+privately. **Do not disclose it as a public issue.** This gives us time to work with you
+to fix the issue before public exposure, reducing the chance that the exploit will be
+used before a patch is released.
+
+Please submit the report through [here](https://github.com/AOMediaCodec/libavif/security/advisories/new).
+
+Please provide the following information in your report:
+
+- Which version you're using
+- How to reproduce the issue
+- A description of the vulnerability and its impact (optional but appreciated)
+
+We ask that you give us 90 days to work on a fix before public exposure.
commit	fc3fe26ef6a57ac6046839960ae6f069fdc33ee8	[log] [tgz]
author	Pedro Nacht <pnacht@google.com>	Mon Apr 17 15:16:02 2023 -0300
committer	GitHub <noreply@github.com>	Mon Apr 17 11:16:02 2023 -0700
tree	958bf0adfd25e95b39749a3ccbbcb5fa1d90f4d8
parent	56d6036e5fc73417dd1e0b0077a2a8822d902b94 [diff]