From 0ac9f44985930227d9cbd886b401e49ea3d70942 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Martin=20Ho=C5=99e=C5=88ovsk=C3=BD?=
 <martin.horenovsky@gmail.com>
Date: Fri, 26 Nov 2021 00:10:01 +0100
Subject: [PATCH] Add SECURITY.md

---
 SECURITY.md | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..b66bf731
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,19 @@
+# Security Policy
+
+## Supported Versions
+
+* Versions 1.x (branch Catch1.x) are no longer supported.
+* Versions 2.x (branch v2.x) are currently supported.
+* `devel` branch serves for stable-ish development and is supported,
+  but branches `devel-*` are considered short lived and are not supported separately.
+
+
+## Reporting a Vulnerability
+
+Due to its nature as a _unit_ test framework, Catch2 shouldn't interact
+with untrusted inputs and there shouldn't be many security vulnerabilities
+in it.
+
+However, if you find one you send email to martin <dot> horenovsky <at>
+gmail <dot> com. If you want to encrypt the email, my pgp key is
+`E29C 46F3 B8A7 5028 6079 3B7D ECC9 C20E 314B 2360`.