From 03647ae692c71cfab80b59f81cc3239db338a411 Mon Sep 17 00:00:00 2001
From: Sjoerd van Leent <svanleent@gmail.com>
Date: Thu, 5 Jun 2025 09:47:24 +0200
Subject: [PATCH] Create SECURITY.md

Signed-off-by: Sjoerd van Leent <svanleent@gmail.com>
---
 SECURITY.md | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..ed6a7ba
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,21 @@
+<!--
+SPDX-FileCopyrightText: 'Copyright Contributors to the ospo-code-scanner project'
+
+SPDX-License-Identifier: Apache-2.0
+-->
+
+# Security
+
+At Alliander, we consider the security of our systems and software a top priority. But no matter how much effort we put into system security, there can still be vulnerabilities present.
+
+If you discover a vulnerability, we would like to know about it so we can take steps to address it as quickly as possible. We would like to ask you to help us better protect our clients and our systems.
+
+## Report a security issue
+
+Use the contact details on the [Alliander.com Vulnerability Reporting page](https://www.alliander.com/en/coordinated-vulnerability-disclosure/).
+
+Please describe clearly how the issue can be reproduced, so we can fix it quickly. Typically, the IP address or URL of the affected system and a description of the vulnerability are sufficient. We may contact you if we need more information about a complex vulnerability.
+
+## Thanks
+
+We don't have a bug bounty program, but we're grateful for all the reports we get. We offer an Alliander Security hoodie as a reward for significant security problems.