Create SECURITY.md

This file location is shown under "Security -> Policy" on GitHub
and helps ensure people with a need to report a security issue
find us the right way.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Sep  9 21:13:35 UTC 2019 on sn-devel-184

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644 (file)
index 0000000..5d3c88c
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,15 @@
+# Security Policy
+
+## Supported Versions
+
+See https://wiki.samba.org/index.php/Samba_Release_Planning for a
+matrix showing the currently supported versions of Samba.
+
+## Reporting a Vulnerability
+
+Please report all security issues or defects to security@samba.org and **never** on IRC, public mailing lists or in Bugzilla!
+
+Once reported and if warrented by the specific issue, the Samba Team
+will follow the process outlined in
+https://wiki.samba.org/index.php/Samba_Security_Process to produce a
+security release.