diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..296fcd2c0 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,21 @@ +# Security Policy + +## Supported Versions + +The Circuit Knitting Toolbox supports one minor version release at a time, both for bug and +security fixes. For example, if the most recent release is 0.2.1, then the 0.2.x +release series is currently supported. + +## Reporting a Vulnerability + +To report vulnerabilities, you can privately report a potential security issue +via the GitHub security vulnerabilities feature. This can be done here: + +https://github.com/Qiskit-Extensions/circuit-knitting-toolbox/security/advisories + +Please do **not** open a public issue about a potential security vulnerability. + +You can find more details on the security vulnerability feature in the GitHub +documentation here: + +https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability