From d244a802f3f97afff058dd0cc65a5abf3f6e12f2 Mon Sep 17 00:00:00 2001 From: Eugene Cheung <81188333+echeung-amzn@users.noreply.github.com> Date: Fri, 1 Sep 2023 17:19:59 -0400 Subject: [PATCH] chore: add security policy doc [skip ci] (#421) Adding doc in standardized GitHub location so it's easily discoverable in the main project view. --- _By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license_ --- CONTRIBUTING.md | 4 ---- README.md | 7 ++++++- SECURITY.md | 11 +++++++++++ 3 files changed, 17 insertions(+), 5 deletions(-) create mode 100644 SECURITY.md diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 15f2a573..1e4cfef1 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -63,9 +63,5 @@ For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of opensource-codeofconduct@amazon.com with any additional questions or comments. -## Security issue notifications -If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public GitHub issue. - - ## Licensing See the [LICENSE](LICENSE) file for our project's licensing. We will ask you to confirm the licensing of your contribution. diff --git a/README.md b/README.md index 2af44540..e6c4bce3 100644 --- a/README.md +++ b/README.md @@ -416,11 +416,16 @@ monitoring.monitorScope(stack, { ``` -## Contributing/Security +## Contributing See [CONTRIBUTING](CONTRIBUTING.md) for more information. +## Security policy + +See [SECURITY](SECURITY.md) for more information. + + ## License This project is licensed under the Apache-2.0 License. diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..ce343c19 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,11 @@ +# Security Policy + +## Supported Versions + +We only provide support for the latest version of the library. + +## Reporting a Vulnerability + +If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). + +Please do **not** create a public GitHub issue.
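Review bot: In the CONTRIBUTING.md hunk, the "Security issue notifications" section is deleted without leaving a pointer behind, so a contributor who reads only CONTRIBUTING.md no longer sees the request not to open a public GitHub issue for a security problem. Consider keeping the heading with a one-line link to the new file, matching what the README.md hunk does with `See [SECURITY](SECURITY.md) for more information.`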
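Review bot: In the new SECURITY.md, under "Reporting a Vulnerability", the reporting link uses plain `http://` (`http://aws.amazon.com/security/vulnerability-reporting/`). This is the one URL a reporter is expected to follow, so it should be written with `https://`. The sentence is carried over unchanged from the section removed from CONTRIBUTING.md, which makes this move a convenient point to correct it.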