From 514b9018d5302f28d7a8e3bdd133ca4c629a6f70 Mon Sep 17 00:00:00 2001
From: Nicolas R <atoomic@cpan.org>
Date: Sun, 20 Oct 2019 17:25:48 +0200
Subject: [PATCH] Add security template

---
 MANIFEST    |  1 +
 SECURITY.md | 13 +++++++++++++
 2 files changed, 14 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/MANIFEST b/MANIFEST
index 29b6e7c21a7b4..498750b01f7c9 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -5355,6 +5355,7 @@ README.tw			Perl for Traditional Chinese (in Big5)
 README.vms			Notes about installing the VMS port
 README.vos			Perl notes for Stratus VOS
 README.win32			Perl notes for Windows
+SECURITY.md			Add Security Policy for GitHub
 reentr.c			Reentrant interfaces
 reentr.h			Reentrant interfaces
 regcharclass.h			Generated by regen/regcharclass.pl
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000000000..856dbceaca7f0
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,13 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you believe you have found a security vulnerability in Perl, please email the details to perl5-security-report@perl.org
+
+This creates a new Request Tracker ticket in a special queue which isn't initially publicly accessible. The email will also be copied to a closed subscription unarchived mailing list which includes all the core committers, who will be able to help assess the impact of issues, figure out a resolution, and help co-ordinate the release of patches to mitigate or fix the problem across all platforms on which Perl is supported. Please only use this address for security issues in the Perl core, not for modules independently distributed on CPAN.
+
+When sending an initial request to the security email address, please don't Cc any other parties, because if they reply to all, the reply will generate yet another new ticket. Once you have received an initial reply with a [perl #NNNNNN] ticket number in the headline, it's okay to Cc subsequent replies to third parties: all emails to the perl5-security-report address with the ticket number in the subject line will be added to the ticket; without it, a new ticket will be created.
+
+## PerlSec
+
+Read more at https://perldoc.perl.org/perlsec.html