From 88906a79cf45adc4d70df040844c8c1f2a961d42 Mon Sep 17 00:00:00 2001 From: Ryo Nakano Date: Mon, 4 May 2026 13:36:59 +0900 Subject: [PATCH 1/2] [skip ci] chore: Create SECURITY.md --- SECURITY.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..746c25fa --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,17 @@ +# Security Policy +## Supported Versions +Always only [latest version](https://github.com/ryonakano/reco/releases/latest) is being supported with security +updates. + +The main reason of this is that only one version can be published at the same time in the remote app stores +like Flathub or AppCenter. Another reason is to lessen burden of the project maintainer. + +## Reporting a Vulnerability +Please follow this guideline if you find any vulnerabilities in this project. + +* Report via [Security Advisories](https://github.com/ryonakano/reco/security/advisories). Do NOT report via issues or +email so that your vulnerability report is not missed. +* Describe the vulnerability as much as possible in addition to the placeholder provided by GitHub. For example, +steps to reproduce, screenshots, and screencasts are appreciated. +* Create a private PR if you have a fix. Refer to [GitHub Docs](https://docs.github.com/en/code-security/tutorials/fix-reported-vulnerabilities/collaborate-in-a-fork) for details. +* Do NOT disclose the vulnerability publicly until we release a fix, publish mitigating steps, or decline to address it. From 559c3891124fbd44050c91a9fd8be76b470ee545 Mon Sep 17 00:00:00 2001 From: Ryo Nakano Date: Mon, 18 May 2026 20:59:35 +0900 Subject: [PATCH 2/2] [skip ci] Review --- SECURITY.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 746c25fa..073c4a72 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -9,9 +9,9 @@ like Flathub or AppCenter. Another reason is to lessen burden of the project mai ## Reporting a Vulnerability Please follow this guideline if you find any vulnerabilities in this project. -* Report via [Security Advisories](https://github.com/ryonakano/reco/security/advisories). Do NOT report via issues or -email so that your vulnerability report is not missed. +* Report via [Security Advisories](https://github.com/ryonakano/reco/security/advisories). Do NOT report via other ways +like issues or email so that your vulnerability report is not missed. * Describe the vulnerability as much as possible in addition to the placeholder provided by GitHub. For example, -steps to reproduce, screenshots, and screencasts are appreciated. -* Create a private PR if you have a fix. Refer to [GitHub Docs](https://docs.github.com/en/code-security/tutorials/fix-reported-vulnerabilities/collaborate-in-a-fork) for details. +steps to reproduce, screenshots, or screencasts are appreciated. +* Create a private PR if you have a fix. Refer to [GitHub Docs](https://docs.github.com/en/code-security/tutorials/fix-reported-vulnerabilities/collaborate-in-a-fork) for details of how to do it. * Do NOT disclose the vulnerability publicly until we release a fix, publish mitigating steps, or decline to address it.
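Review bot: In the first patch (the hunk creating SECURITY.md), the "Supported Versions" paragraph needs a grammar pass and should state the practical consequence for reporters: "Always only [latest version](...) is being supported with security updates." reads better as "Only the [latest version](...) is supported with security updates.", and "The main reason of this is that only one version can be published ... Another reason is to lessen burden of the project maintainer." should be "The main reason for this is that only one version can be published ... Another reason is to lessen the burden on the project maintainer." Since only the latest release receives fixes, consider adding one sentence asking reporters to confirm the issue against the latest release before filing, so that reports about already-fixed versions are not raised as new advisories.

Review bot: In the second patch (the hunk at "@@ -9,9 +9,9 @@"), the reworded first bullet is still awkward and the last bullet leaves the reporter without a timeline: "Do NOT report via other ways like issues or email so that your vulnerability report is not missed." would read more naturally as "Do NOT report through other channels such as issues or email, so that your report is not missed.", and "for details of how to do it" can simply be "for details." The unchanged final bullet, "Do NOT disclose the vulnerability publicly until we release a fix, publish mitigating steps, or decline to address it.", gives no expected acknowledgement or response time; stating when a reporter can expect an initial reply, and what happens if the advisory receives no response, would make the coordinated-disclosure request enforceable in practice rather than open-ended.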