From 0042823e4a9525a1111572d06a1eb45e8886b78b Mon Sep 17 00:00:00 2001 From: Peter Matula Date: Mon, 20 Sep 2021 09:32:47 +0200 Subject: [PATCH 1/2] add SECURITY.md as requested in #1018 --- SECURITY.md | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..09931c153 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,7 @@ +# Security Policy + +## Reporting a Vulnerability + +Please report (suspected) security vulnerabilities either as regular [issues](https://github.com/avast/retdec/issues) or, if you consider it more appropriate, privately to our email [info@retdec.com](mailto:info@retdec.com). + +Please provide as much information as possible. We will try to confirm the issue and respond in a matter of days. The fix itself depends on the complexity of the issue, its acuteness, and our currently available resources. From 4fff36755b9a080c95f33523f722f7a45c719519 Mon Sep 17 00:00:00 2001 From: Peter Matula Date: Mon, 20 Sep 2021 10:22:42 +0200 Subject: [PATCH 2/2] SECURITY.md: do not advise to report security issues publicly --- SECURITY.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 09931c153..abc44750e 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -2,6 +2,4 @@ ## Reporting a Vulnerability -Please report (suspected) security vulnerabilities either as regular [issues](https://github.com/avast/retdec/issues) or, if you consider it more appropriate, privately to our email [info@retdec.com](mailto:info@retdec.com). - -Please provide as much information as possible. We will try to confirm the issue and respond in a matter of days. The fix itself depends on the complexity of the issue, its acuteness, and our currently available resources. +Please report (suspected) security vulnerabilities to our email [info@retdec.com](mailto:info@retdec.com). Please provide as much information as possible. We will try to confirm the issue and respond in a matter of days. The fix itself depends on the complexity of the issue, its acuteness, and our currently available resources.
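Review bot: In patch 1/2, the "Reporting a Vulnerability" paragraph of the new SECURITY.md offers regular public issues as the first reporting channel, so vulnerability details can become visible to everyone before a fix exists. The private address info@retdec.com should be the only channel named. Patch 2/2 makes that change, so consider squashing the two commits so that the public-issue wording never lands in the history as the project's stated policy.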
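Review bot: In patch 2/2, the replacement "+" line removes the link to the issue tracker but never tells reporters not to file suspected vulnerabilities there, so someone who skims the policy may still open a public issue. Add one explicit sentence asking that security reports not be opened as public issues. Two smaller points on the same line: it folds the unchanged second paragraph ("Please provide as much information as possible. ...") into the first, which turns a one-sentence edit into 1 insertion and 3 deletions, so keeping the blank line and the second paragraph as they were would make the diff show only the sentence that changed. Also, "as much information as possible" and "in a matter of days" give the reporter little to act on, so say which details help you confirm an issue and what acknowledgement time to expect.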