Add security policy

bryan-hunt · web-flow · commit 5ea6a891c139 · 2021-03-20T21:07:46.000-06:00
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,29 @@
+# Security Policy
+
+We take the security of cryptoauthlib very seriously. Please submit security vulnerabilities to
+the Microchip Product Security Incident Response Team (PSIRT) which is responsible for receiving
+and responding to reports of potential security vulnerabilities in our products, as well as in 
+any related hardware, software, firmware, and tools. Please see below for instructions on how
+to submit your report.
+
+## Supported Versions
+
+The previous API version is maintained for a year after a new version is released.
+
+| Version | Supported          | Notes |
+| ------- | ------------------ | ----- |
+| 3.3.x   | :heavy_check_mark: |       |
+| 3.2.x   | :heavy_check_mark: | Security updates until January 2022 |
+| < 3.2   | :x:                |       |
+
+## Reporting a Vulnerability
+
+[How to Report Potential Product Security Vulnerabilities](https://www.microchip.com/design-centers/embedded-security/how-to-report-potential-product-security-vulnerabilities)
+
+Once a report is received, the PSIRT will take the necessary steps to review the issue
+and determine what actions might be required to address any potential impacts to our products.
+Microchip PSIRT follows a coordinated vulnerability responsible disclosure policy that is available
+for review.
+
+Please use the above instructions to securely submit your findings - We ask that you refrain from 
+reporting vulnerabilties through the public github issues system.
