--- /dev/null
+# Security Policy
+
+## Supported Versions
+
+Security patches will mainly target the latest release version,
+as listed on [PyPI](https://pypi.org/project/babel/) or [GitHub Releases](https://github.com/python-babel/babel/releases).
+
+Patches for particularly high-impact security issues be backported to older versions as need be,
+but Babel has generally been extremely backward compatible (within major version series),
+so for many users, simply upgrading to the latest release should be rather frictionless.
+
+If you're using a version of Babel packaged by a downstream distribution,
+such as Debian, Ubuntu, etc., they may backport patches from newer versions with a different policy.
+
+## Reporting a Vulnerability
+
+Please feel free to report vulnerabilities by any method below you feel comfortable with:
+
+* You can use GitHub's form [over here](https://github.com/python-babel/babel/security/advisories/new).
+* Contact a maintainer, presently [@akx](https://github.com/akx), over email (akx@iki.fi) or direct messages on listed socials.
+ * If you need an encrypted channel of communications, please email/DM first and we'll set something up.
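Review bot: In "Supported Versions", the sentence "Patches for particularly high-impact security issues be backported to older versions as need be," is missing its verb, so a reader cannot tell whether backports are promised or only possible; suggest "may be backported" (or "will be backported" if that is the intended commitment). In "Reporting a Vulnerability", the encrypted-channel bullet asks reporters to email/DM first, so it is worth stating that this first message should carry no vulnerability details, or naming the GitHub advisory form as the default private route. The section also gives no indication of what a report should contain or when the reporter can expect an acknowledgement; one sentence on each would set expectations.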