SECURITY.md: add security file

This is now recognized and recommended by GitHub.

Fixes #32201

Change-Id: Iafb5ef1b2bee5f021a711b0b758aaf6a74758c5d
Reviewed-on: https://go-review.googlesource.com/c/go/+/178697
Reviewed-by: Ian Lance Taylor <iant@golang.org>

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644 (file)
index 0000000..35995ee
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,13 @@
+# Security Policy
+
+## Supported Versions
+
+We support the past two Go releases (for example, Go 1.11.x and Go 1.12.x).
+
+See https://golang.org/wiki/Go-Release-Cycle and in particular the
+[Release Maintenance](https://github.com/golang/go/wiki/Go-Release-Cycle#release-maintenance)
+part of that page.
+
+## Reporting a Vulnerability
+
+See https://golang.org/security for how to report a vulnerability.