From fb08fdd225b0771dd6ee67a059c54b019938827d Mon Sep 17 00:00:00 2001
From: "Dan O. Williams" <11464021+thisisdano@users.noreply.github.com>
Date: Mon, 4 Mar 2024 09:51:41 -0800
Subject: [PATCH] Add GSA security policy

---
 SECURITY.md | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..4b05cc638
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,28 @@
+# Security Policy
+
+As a U.S. Government agency, the General Services Administration (GSA) takes
+seriously our responsibility to protect the public's information, including
+financial and personal information, from unwarranted disclosure.
+
+Software developed by the U.S. General Services Administration (GSA)
+is subject to the [GSA Vulnerability Disclosure Policy](https://gsa.gov/vulnerability-disclosure-policy).
+
+Please consult our policy for:
+* How to submit a report if you believe you have discovered a vulnerability.
+* GSA's coordinated disclosure policy.
+* Information on how you may conduct security research on GSA developed
+  software and systems.
+* Important legal and policy guidelines.
+
+## Supported Versions
+
+Please note that only certain branches are supported with security updates.
+
+| Version (Branch) | Supported          |
+| ---------------- | ------------------ |
+| main             | :white_check_mark: |
+| develop          | :white_check_mark: |
+| other            | :x:                |
+
+When using this code or reporting vulnerabilities please only use supported
+versions.