chore: add security policy doc [skip ci] (#421)

Adding doc in standardized GitHub location so it's easily discoverable in the main project view. --- _By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license_
cdklabs · Sep 1, 2023 · d244a80 · d244a80
1 parent 4bce103
commit d244a80
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 5 deletions.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -63,9 +63,5 @@ For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of
 [email protected] with any additional questions or comments.
 
 
-## Security issue notifications
-If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public GitHub issue.
-
-
 ## Licensing
 See the [LICENSE](LICENSE) file for our project's licensing. We will ask you to confirm the licensing of your contribution.
diff --git a/README.md b/README.md
@@ -416,11 +416,16 @@ monitoring.monitorScope(stack, {
 ```
 
 
-## Contributing/Security
+## Contributing
 
 See [CONTRIBUTING](CONTRIBUTING.md) for more information.
 
 
+## Security policy
+
+See [SECURITY](SECURITY.md) for more information.
+
+
 ## License
 
 This project is licensed under the Apache-2.0 License.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,11 @@
+# Security Policy
+
+## Supported Versions
+
+We only provide support for the latest version of the library.
+
+## Reporting a Vulnerability
+
+If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/).
+
+Please do **not** create a public GitHub issue.