author: Michael Klishin <mklishin@pivotal.io> 2020-03-25 01:14:24 +0300
committer: GitHub <noreply@github.com> 2020-03-25 01:14:24 +0300
commit: 41b2de3b6dd46cd6787e029ed501a93699fef143 (patch)
tree: f60bc1074c741e345b1e09e57bb1fe0197ef836c
parent: 1ec1ce9d82836885972c0f952b870bc3f02f765c (diff)
Create SECURITY.md
-rw-r--r-- SECURITY.md 24
1 files changed, 24 insertions, 0 deletions
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000000..762149554f
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,24 @@
+# Security Policy
+
+## Supported Versions
+
+See [RabbitMQ Release Series](https://www.rabbitmq.com/versions.html) for a list of currently supported
+versions.
+
+Vulnerabilities reported for versions out of support will not be investigated.
+
+
+## Reporting a Vulnerability
+
+Please responsibly disclosure vulnerabilities to `security@rabbitmq.com` and include the following information:
+
+ * RabbitMQ and Erlang versions used
+ * Operating system used
+ * A set of steps to reproduce the observed behavior
+ * An archive produced by [rabbitmq-collect-env](https://github.com/rabbitmq/support-tools/blob/master/scripts/rabbitmq-collect-env)
+
+ RabbitMQ core team will get back to you after we have triaged the issue. If there's no sufficient reproduction
+ information available, we won't be able to act on the report.
+
+ RabbitMQ core team does not have a security vulnerability bounty programme at this time.
+
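Review bot: In the "Reporting a Vulnerability" section, "Please responsibly disclosure vulnerabilities to" is ungrammatical and should read "Please responsibly disclose vulnerabilities to". The same section asks reporters to e-mail reproduction steps and an environment archive to `security@rabbitmq.com` but names no encrypted channel (a PGP key, for example) and gives no time frame for "after we have triaged the issue"; consider adding both so reporters know how to protect the attachment and when to expect a reply.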