From 57e48495bbdcbd1b9db186d3f01c0fe0e498bf2d Mon Sep 17 00:00:00 2001
From: Yi Sun <yi-sun@users.noreply.github.com>
Date: Fri, 9 May 2025 03:05:34 -0400
Subject: [PATCH] feat: add SECURITY.md

---
 README.md   | 6 +++++-
 SECURITY.md | 5 +++++
 2 files changed, 10 insertions(+), 1 deletion(-)
 create mode 100644 SECURITY.md

diff --git a/README.md b/README.md
index d8f5bf2..7386aa5 100644
--- a/README.md
+++ b/README.md
@@ -41,4 +41,8 @@ If you want to import the verifier contract into your own repository for testing
 
 ## Audits
 
-You can find the audit reports for these contracts in the [OpenVM repo](https://github.com/openvm-org/openvm/tree/main/audits).
+Versions v1.1 and later of these contracts are recommended for production use. The code to generate these contracts from release commits of OpenVM was [audited](https://github.com/openvm-org/openvm/blob/main/audits/v1.1.1-cantina-report.pdf) by [Cantina](https://cantina.xyz/) in April 2025.
+
+## Security
+
+See [SECURITY.md](SECURITY.md).
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..2a5ab29
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,5 @@
+# Security Policy
+
+## Report a Vulnerability
+
+Contact [security@openvm.dev](mailto:security@openvm.dev).