diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000000..f6a5230087 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,24 @@ +# Security Policy + +## Supported Versions + +We provide security updates for the following releases. +For more on Spack's release structure, see +[`README.md`](https://github.com/spack/spack#releases). + + +| Version | Supported | +| ------- | ------------------ | +| develop | :white_check_mark: | +| 0.16.x | :white_check_mark: | + +## Reporting a Vulnerability + +To report a vulnerability or other security +issue, email maintainers@spack.io. + +You can expect to hear back within two days. +If your security issue is accepted, we will do +our best to release a fix within a week. If +fixing the issue will take longer than this, +we will discuss timeline options with you.