Add GitHub security template

Add a SECURITY.md file, so GitHub will
show a 'Report a security vulnerability' pointing
to the Policy when trying to create one issue.

1 files changed, 13 insertions, 0 deletions

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000000..856dbceaca
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,13 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you believe you have found a security vulnerability in Perl, please email the details to perl5-security-report@perl.org
+
+This creates a new Request Tracker ticket in a special queue which isn't initially publicly accessible. The email will also be copied to a closed subscription unarchived mailing list which includes all the core committers, who will be able to help assess the impact of issues, figure out a resolution, and help co-ordinate the release of patches to mitigate or fix the problem across all platforms on which Perl is supported. Please only use this address for security issues in the Perl core, not for modules independently distributed on CPAN.
+
+When sending an initial request to the security email address, please don't Cc any other parties, because if they reply to all, the reply will generate yet another new ticket. Once you have received an initial reply with a [perl #NNNNNN] ticket number in the headline, it's okay to Cc subsequent replies to third parties: all emails to the perl5-security-report address with the ticket number in the subject line will be added to the ticket; without it, a new ticket will be created.
+
+## PerlSec
+
+Read more at https://perldoc.perl.org/perlsec.html