From 67e41892c629bde4d588a623daa3d97a57de354c Mon Sep 17 00:00:00 2001 From: Philipp Wollermann Date: Fri, 27 Aug 2021 08:56:11 -0700 Subject: [PATCH] Create SECURITY.md Closes #13911. PiperOrigin-RevId: 393361598 --- README.md | 9 +++++++++ SECURITY.md | 10 ++++++++++ 2 files changed, 19 insertions(+) create mode 100644 SECURITY.md diff --git a/README.md b/README.md index c7ef34decb8f94..a7bd369856636e 100644 --- a/README.md +++ b/README.md @@ -42,6 +42,15 @@ Build and test software of any size, quickly and reliably. * [Roadmap](https://bazel.build/roadmap.html) * [Who is using Bazel?](https://github.com/bazelbuild/bazel/wiki/Bazel-Users) +## Reporting a Vulnerability + +To report a security issue, please email security@bazel.build with a description +of the issue, the steps you took to create the issue, affected versions, and, if +known, mitigations for the issue. Our vulnerability management team will respond +within 3 working days of your email. If the issue is confirmed as a +vulnerability, we will open a Security Advisory. This project follows a 90 day +disclosure timeline. + ## Contributing to Bazel See [CONTRIBUTING.md](CONTRIBUTING.md) diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000000000..fbc691eb654b44 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,10 @@ +# Security Policy + +## Reporting a Vulnerability + +To report a security issue, please email security@bazel.build with a description +of the issue, the steps you took to create the issue, affected versions, and, if +known, mitigations for the issue. Our vulnerability management team will respond +within 3 working days of your email. If the issue is confirmed as a +vulnerability, we will open a Security Advisory. This project follows a 90 day +disclosure timeline.
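Review bot: In the README.md hunk, the "Reporting a Vulnerability" paragraph is a verbatim copy of the one added to SECURITY.md, so the contact address, the 3 working day response window and the 90 day timeline now have to be kept in sync in two files. Consider reducing the README section to a one-line pointer, in the same style as the existing "See [CONTRIBUTING.md](CONTRIBUTING.md)" line just below it, so SECURITY.md is the single source for the policy.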
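Review bot: In the SECURITY.md hunk, the last sentence "This project follows a 90 day disclosure timeline" does not say when the 90 days start (receipt of the email, or confirmation of the issue as a vulnerability), which leaves reporters unable to tell when disclosure is expected. Suggest stating the starting point explicitly. Two smaller points in the same paragraph: "the steps you took to create the issue" reads more clearly as "the steps to reproduce the issue", and since reports with reproduction steps are sent to security@bazel.build by plain email, it is worth saying whether an encrypted channel is available for sensitive details.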