From d7224d0486b70c3d2e11f99fee465776154c79d5 Mon Sep 17 00:00:00 2001
From: Jim Garrison <garrison@ibm.com>
Date: Thu, 27 Jul 2023 13:09:11 -0400
Subject: [PATCH] Add SECURITY.md

---
 SECURITY.md | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..296fcd2c0
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,21 @@
+# Security Policy
+
+## Supported Versions
+
+The Circuit Knitting Toolbox supports one minor version release at a time, both for bug and
+security fixes. For example, if the most recent release is 0.2.1, then the 0.2.x
+release series is currently supported.
+
+## Reporting a Vulnerability
+
+To report vulnerabilities, you can privately report a potential security issue
+via the GitHub security vulnerabilities feature. This can be done here:
+
+https://github.com/Qiskit-Extensions/circuit-knitting-toolbox/security/advisories
+
+Please do **not** open a public issue about a potential security vulnerability.
+
+You can find more details on the security vulnerability feature in the GitHub
+documentation here:
+
+https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability