From 8fc531d49ac50b70a47f84613140dfdca2aa5f0c Mon Sep 17 00:00:00 2001 From: Nima Fallah Date: Sat, 30 Nov 2024 12:11:24 -0500 Subject: [PATCH] Add a security policy file and a corresponding section to README (#263) A security policy (typically a SECURITY.md file) can give users information about what constitutes a vulnerability and how to report one securely so that information about a bug is not publicly visible. --- README.md | 4 ++++ SECURITY.md | 5 +++++ 2 files changed, 9 insertions(+) create mode 100644 SECURITY.md diff --git a/README.md b/README.md index 8fd97210..18b37035 100644 --- a/README.md +++ b/README.md @@ -377,3 +377,7 @@ Then execute `python -m build python/` to create a whl from the sources. It can - ***Spark’s groupByKey should be avoided – and here’s why**, Enrico Minack, 13/06/2023*:
https://www.gresearch.com/blog/article/sparks-groupbykey-should-be-avoided-and-heres-why/ - ***Inspecting Parquet files with Spark**, Enrico Minack, 28/07/2023*:
https://www.gresearch.com/blog/article/parquet-files-know-your-scaling-limits/ - ***Enhancing Spark’s UI with Job Descriptions**, Enrico Minack, 12/12/2023*:
https://www.gresearch.com/blog/article/enhancing-sparks-ui-with-job-descriptions/ + +## Security + +Please see our [security policy](https://github.com/G-Research/spark-extension/blob/master/SECURITY.md) for details on reporting security vulnerabilities. diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..efe2a00c --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,5 @@ +# Security and Coordinated Vulnerability Disclosure Policy + +This project appreciates and encourages coordinated disclosure of security vulnerabilities. We prefer that you use the GitHub reporting mechanism to privately report vulnerabilities. Under the main repository's security tab, click "Report a vulnerability" to open the advisory form. + +If you are unable to report it via GitHub, have received no response after repeated attempts, or have other security related questions, please contact security@gr-oss.io and mention this project in the subject line. \ No newline at end of file
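Review bot: In the README hunk, the new "Security" section links to the policy with an absolute URL pinned to the `master` branch (`https://github.com/G-Research/spark-extension/blob/master/SECURITY.md`); a relative link such as `[security policy](SECURITY.md)` would keep working after a default-branch rename and in forks, and it resolves to the policy shipped with the same revision the reader is looking at. The section also lands directly after the blog-post list at the end of the file, so consider a blank line before the `## Security` heading for consistency with the other top-level sections, and double-check that the link text and the README's table of contents (if any) reference the new section.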
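Review bot: The SECURITY.md hunk does not state what the policy covers, even though the commit message says a policy should tell users "what constitutes a vulnerability": add a short scope line (which versions or branches receive fixes, and what is out of scope, such as issues in Spark itself or in third-party dependencies) and an expected acknowledgement window so a reporter knows when "no response after repeated attempts" applies. Two smaller points in the same hunk: the e-mail fallback (`security@gr-oss.io`) is stated without saying whether encrypted reports are possible, so if a public key exists it should be referenced here (do not add one unless the team actually publishes it), and the file is committed without a trailing newline (`\ No newline at end of file`) and uses "security related" where "security-related" is the standard compound adjective.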