From 8256fba620ec66ff6c9a3380a9913f0721c2a9c2 Mon Sep 17 00:00:00 2001
From: Simon Hausmann <simon.hausmann@slint.dev>
Date: Tue, 10 Dec 2024 10:38:28 +0100
Subject: [PATCH] Add security policy (#7044)

---
 SECURITY.md | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000000..0671af22312
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,28 @@
+<!-- Copyright © SixtyFPS GmbH <info@slint.dev> ; SPDX-License-Identifier: MIT -->
+
+# Security Policy
+
+## Supported Versions
+
+We commit to publishing security updates for the last release of Slint:
+
+| Name | Description | URL |
+| ---- | ----------- | --- |
+| `slint` Rust crate | Rust crate for Slint API | https://crates.io/crates/slint |
+| `slint-interpreter` Rust crate | Rust crate for Slint interpreter API | https://crates.io/crates/slint-interpreter |
+| Slint for C++ | CMake package for Slint | https://github.com/slint-ui/slint/releases/latest |
+| `slint-ui` NPM package | Node.js API for Slint | https://www.npmjs.com/package/slint-ui |
+| `slint` Python Package | Python API for Slint | https://pypi.org/project/slint/ |
+| Slint Visual Studio Code Extension | IDE Integration into VS Code | https://marketplace.visualstudio.com/items?itemName=Slint.slint |
+| `slint-viewer` | Convenience tool to view `.slint` files from the command line | https://crates.io/crates/slint-viewer \| https://github.com/slint-ui/slint/releases/latest |
+| `slint-lsp` | Language Server Protocol implementation for `.slint` files | https://crates.io/crates/slint-lsp \| https://github.com/slint-ui/slint/releases/latest |
+
+Paid license holders may be eligible for support on additional versions, depending on their specific terms of
+agreement.
+
+## Reporting a Vulnerability
+
+Please report any vulnerabilities via the GitHub Private Vulnerability Disclosure functionality.
+
+Check out the [GitHub Instructions](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability#privately-reporting-a-security-vulnerability) on how to submit a report.
+