From 62aee857886a7dba37edc4a35374ddb9884497e2 Mon Sep 17 00:00:00 2001
From: Greg Zajac <grzegorz.zajac000@gmail.com>
Date: Tue, 13 Aug 2024 09:48:52 +0200
Subject: [PATCH] Create SECURITY.md

---
 SECURITY.md | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..a912161
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,25 @@
+# Security
+
+At 2FAS, the security is a top priority. If you encounter a potential security issue please report it following the guidelines below.
+
+## Reporting Security Issues
+
+If you believe you've discovered a security vulnerability in our Browser Extension, please do not post it publicly on GitHub. Instead, contact our security team directly by emailing [security@2fas.com](mailto:security@2fas.com). If possible, please encrypt your message using our PGP key ([here](https://keys.openpgp.org/search?q=security%402fas.com))
+
+To help us address the issue quickly, please include the following information:
+
+- The specific product affected (e.g., iOS app, Android app, Browser Extension, API server, etc.)
+- Type of issue (e.g., unauthorized data access, privilege escalation, etc.)
+- Detailed steps to reproduce the issue
+- Any relevant details about the affected environment (e.g., device model, OS version)
+- Potential impact and any proof-of-concept code, if available
+
+You should expect a response within 72 hours. If you don't receive a confirmation, please follow up to ensure we received your report.
+
+## Communication Language
+
+We prefer all communications to be in English.
+
+## Policy
+
+2FAS adheres to the principles of Coordinated Vulnerability Disclosure.