From e600fc049de031534f18b612b065318ce04b3a01 Mon Sep 17 00:00:00 2001
From: Pooya Parsa <pooya@pi0.io>
Date: Thu, 24 Aug 2023 19:36:45 +0200
Subject: [PATCH] chore: add `security.md`

---
 SECURITY.md | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..8ea8d0ba
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,9 @@
+# Security Policy
+
+## ⚠️ Reporting a Vulnerability
+
+To report a vulnerability, please send an email to [security+ufo@unjs.io](mailto:security+ufo@unjs.io) or submit it for a bounty via [Huntr](https://huntr.dev/bounties/disclose/?target=https://github.com/unjs/ufo).
+
+All security vulnerabilities will be promptly verified and addressed.
+
+We recommend to regulary upgrade and publish with the latest versions of used packages and sub-dependencies by maintaining lock files (`yarn.lock`, `package-lock.json` and `pnpm-lock.yaml`) in order to ensure your application remains as secure as possible.