alliander-opensource · santidhammo · Jun 5, 2025
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,21 @@
+<!--
+SPDX-FileCopyrightText: 'Copyright Contributors to the ReLevENT project'
+
+SPDX-License-Identifier: Apache-2.0
+-->
+
+# Security
+
+At Alliander, we consider the security of our systems and software a top priority. But no matter how much effort we put into system security, there can still be vulnerabilities present.
+
+If you discover a vulnerability, we would like to know about it so we can take steps to address it as quickly as possible. We would like to ask you to help us better protect our clients and our systems.
+
+## Report a security issue
+
+Use the contact details on the [Alliander.com Vulnerability Reporting page](https://www.alliander.com/en/coordinated-vulnerability-disclosure/).
+
+Please describe clearly how the issue can be reproduced, so we can fix it quickly. Typically, the IP address or URL of the affected system and a description of the vulnerability are sufficient. We may contact you if we need more information about a complex vulnerability.
+
+## Thanks
+
+We don't have a bug bounty program, but we're grateful for all the reports we get. We offer an Alliander Security hoodie as a reward for significant security problems.