From 9bfb4050a7061cf7ef0467c0c583c6efd0243899 Mon Sep 17 00:00:00 2001
From: pandaninjas <101084582+pandaninjas@users.noreply.github.com>
Date: Sun, 25 Dec 2022 05:41:03 +0000
Subject: Create SECURITY.md

---
 SECURITY.md | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..da25fbf
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,26 @@
+# Security Policy
+
+## Supported Versions
+
+Currently all versions are supported.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.0.0   | ✔️                  |
+
+## Reporting a Vulnerability
+
+Use this section to tell people how to report a vulnerability.
+
+Tell them where to go, how often they can expect to get an update on a
+reported vulnerability, what to expect if the vulnerability is accepted or
+declined, etc.
+
+A vulnerability is currently defined as being able to get the session ID with only a mod that gets loaded after NoSession loads its tweaker.
+A non-comprehensive list of out of scope vulnerabilities:
+- Stealing information from launcher files
+- Using the OS level args methods 
+
+However, if you can produce a patch for an out of scope vulnerability, a bug bounty will be awarded as well.
+
+The bug bounty is a $5 USD Amazon Gift Card. I might run out, so it's awarded on a first come, first serve basis.
-- 
cgit