From 128b32a459ea3bd4237b2bdfc77db71e390a0dcb Mon Sep 17 00:00:00 2001
From: pooya parsa <pyapar@gmail.com>
Date: Fri, 17 Jun 2022 10:00:37 +0200
Subject: [PATCH] docs: add notes about reporting security issues (#4895)

Co-authored-by: Daniel Roe <daniel@roe.dev>
---
 SECURITY.md | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000000..a2249a1ee5
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,10 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+To report a vulnerability, please send an email to **security@nuxtjs.org** or submit it for a bounty via [Huntr](https://huntr.dev/bounties/disclose/?target=https://github.com/nuxt/framework).
+
+All security vulnerabilities will be promptly verified and addressed. 
+
+While the discovery of new vulnerabilities is rare, we also recommend always using the latest versions of Nuxt and other dependencies by maintaining lock files (`yarn.lock`, `package-lock.json` and `pnpm-lock.yaml`) in order to ensure your application remains as secure as possible.
+