ryonakano · ryonakano · May 18, 2026 · May 4, 2026 · May 18, 2026 · May 18, 2026
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,17 @@
+# Security Policy
+## Supported Versions
+Always only [latest version](https://github.com/ryonakano/reco/releases/latest) is being supported with security
+updates.
+
+The main reason of this is that only one version can be published at the same time in the remote app stores
+like Flathub or AppCenter. Another reason is to lessen burden of the project maintainer.
+
+## Reporting a Vulnerability
+Please follow this guideline if you find any vulnerabilities in this project.
+
+* Report via [Security Advisories](https://github.com/ryonakano/reco/security/advisories). Do NOT report via other ways
+like issues or email so that your vulnerability report is not missed.
+* Describe the vulnerability as much as possible in addition to the placeholder provided by GitHub. For example,
+steps to reproduce, screenshots, or screencasts are appreciated.
+* Create a private PR if you have a fix. Refer to [GitHub Docs](https://docs.github.com/en/code-security/tutorials/fix-reported-vulnerabilities/collaborate-in-a-fork) for details of how to do it.
+* Do NOT disclose the vulnerability publicly until we release a fix, publish mitigating steps, or decline to address it.