Create SECURITY.md

jeff-at-trimble · web-flow · commit 3de3f0c6d1c8 · 2025-08-13T09:52:19.000-07:00
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,17 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+Report security vulnerabilities by emailing the Trimble Cybersecurity team at:
+
+    cybersecurity@trimble.com
+
+Report security vulnerabilities in third-party modules to the person or team maintaining the module.
+
+## Disclosure Policy
+
+When the security team receives a security bug report, they will assign it to a primary handler. This person will coordinate the fix and release process, involving the following steps:
+
+- Confirm the problem and determine the affected versions.
+- Audit code to find any potential similar problems.
+- Prepare fixes for all releases still under maintenance. These fixes will be released as fast as possible.
