From c2fc3b1f64d6946f1057971ee897ea828ae848d8 Mon Sep 17 00:00:00 2001
From: Joyce <joycebrum@google.com>
Date: Mon, 20 Mar 2023 18:35:59 -0300
Subject: [PATCH] Create a Security Policy (#222)

* Create SECURITY.md

* Update SECURITY.md to add email

* Disclose vulnerability on Github
---
 SECURITY.md | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..efafe264
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,6 @@
+# Reporting Security Issues
+
+To report a security issue, please disclose it at [security advisory](https://github.com/certifi/python-certifi/security/advisories/new).
+
+We will respond within 7 working days of your submission. If the issue is confirmed as a vulnerability, we will open a Security Advisory and acknowledge your contributions as part of it. This project follows a 90 day disclosure timeline.
+