From a6466333d5b2d3f147ad95144a122d498eaf4426 Mon Sep 17 00:00:00 2001
From: Jackson Tian <shyvo1987@gmail.com>
Date: Wed, 3 Jan 2024 16:59:13 +0800
Subject: [PATCH] doc: Add security report policy

---
 SECURITY.md | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..42b543d8b
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,9 @@
+# Security Vulnerability Reporting
+
+We consider the security of our systems a top priority. But no matter how much effort we put into system security, there can still be vulnerabilities present.
+
+If you discover a security vulnerability within our project, we would like you to inform us as soon as possible in a responsible manner. Please follow these steps for reporting:
+
+- Send your report directly to Alibaba Security via the vulnerability reporting page: <https://security.alibaba.com/>. This will ensure that your report is handled in a timely and secure manner.
+- Do not disclose the issue publicly until we’ve had a chance to address it. Public disclosure of a security vulnerability could put the entire community at risk.
+- Provide as much information as possible about the potential vulnerability, so we can reproduce and fix the issue quickly.
\ No newline at end of file