author: Brandon Lum <lumjjb@gmail.com> 2022-08-18 09:57:12 -0400
committer: Brandon Lum <lumjjb@gmail.com> 2022-08-18 09:57:12 -0400
commit: ebf07892a0d2e3523df4cec749027581f2c39f7e
tree: 75a1c00075154097c2918bdab86cd8ba202cb9c3
parent: a532726dbb7a38d0f714075e9a1f1df4cae60230
add security.md
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
-rw-r--r-- MAINTAINERS 6
-rw-r--r-- README.md 4
-rw-r--r-- SECURITY.md 3
3 files changed, 13 insertions, 0 deletions
diff --git a/MAINTAINERS b/MAINTAINERS
new file mode 100644
index 0000000..c672ec8
--- /dev/null
+++ b/MAINTAINERS
@@ -0,0 +1,6 @@
+# spdx/tools-golang project maintainers
+#
+# GitHub ID, Name, Affiliation, Email address
+swinslow, Steve Winslow, NA, steve@swinslow.net
+RishabhBhatnagar, Rishabh Bhatnagar, media.net, bhatnagarrishabh4@gmail.com
+lumjjb, Brandon Lum, Google, lumjjb@gmail.com
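Review bot: The three contact rows are individual personal addresses, and SECURITY.md in this same commit directs vulnerability reports to this list, so a report reaches only the maintainers the sender remembers to copy. Consider adding one shared security alias as the first entry, or marking which maintainer is the primary security contact. The header comment "GitHub ID, Name, Affiliation, Email address" could also say that the file doubles as the security contact list, so it is not trimmed later without updating SECURITY.md.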
diff --git a/README.md b/README.md
index 2693841..0b9f4e6 100644
--- a/README.md
+++ b/README.md
@@ -88,3 +88,7 @@ provided and may be used under the Creative Commons Attribution
This `README.md` file is documentation:
`SPDX-License-Identifier: CC-BY-4.0`
+
+## Security
+
+For security policy and reporting security issues, please refer to [SECURITY.md](SECURITY.md)
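Review bot: The sentence added under "## Security" only points to SECURITY.md and is missing its closing period. Since the README is where most reporters land first, state the key rule here as well (do not open a public issue for security reports) and then link to SECURITY.md for the details.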
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..c47b64c
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,3 @@
+# Security
+
+For security-related issues, do NOT open a public issue. Instead, please send an email to the list of [maintainers](/MAINTAINERS) with the subject header with prefix "spdx/golang-tools SECURITY:", so that we can respond to you in a timely manner.
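Review bot: The subject prefix "spdx/golang-tools SECURITY:" does not match the project name "spdx/tools-golang" used in the MAINTAINERS header in this same commit; pick one spelling so reporters and mail filters use the same string. The link target "/MAINTAINERS" is root-absolute while README.md links to "SECURITY.md" relatively; a relative "MAINTAINERS" would be consistent and would also resolve in renderers that do not treat a leading slash as the repository root. The phrase "with the subject header with prefix" would read more clearly as "with a subject line beginning with".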