From 527c9763dc77481edc8d04e12a4638bfa41ae5f9 Mon Sep 17 00:00:00 2001
From: Alex Stewart <alex.stewart@ni.com>
Date: Thu, 30 Nov 2023 16:42:13 -0500
Subject: [PATCH] add SECURITY.md

Add a short document directing contributors on how to report security
issues against the project.

Signed-off-by: Alex Stewart <alex.stewart@ni.com>
---
 SECURITY.md | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..dc033cf
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,8 @@
+Reporting Security Issues
+=========================
+
+If you would like to report a public issue (for example, one with a released CVE number), please report it using the [opkg bugzilla tracker](https://bugzilla.yoctoproject.org/buglist.cgi?quicksearch=Product%3Aopkg).
+
+If you have a patch ready, submit it following the same procedure as any other patch as described in [CONTRIBUTING](https://git.yoctoproject.org/opkg-utils/tree/CONTRIBUTING).
+
+If you are reporting an unreleased or urgent issue, please send an email directly to the project maintainer: <alex.stewart@ni.com>. Be sure to include all the details you can about reproducing or exploiting the issue.
\ No newline at end of file