From 0edb162ba7e4e63b3bb242df8a72502048183caf Mon Sep 17 00:00:00 2001 From: Brennan Ashton Date: Wed, 16 Dec 2020 20:29:00 -0800 Subject: [PATCH] Add project GitHub Security Policy page Signed-off-by: Brennan Ashton --- .github/SECURITY.md | 17 +++++++++++++++++ README.md | 4 ++++ 2 files changed, 21 insertions(+) create mode 100644 .github/SECURITY.md diff --git a/.github/SECURITY.md b/.github/SECURITY.md new file mode 100644 index 00000000000..3f34d85f752 --- /dev/null +++ b/.github/SECURITY.md @@ -0,0 +1,17 @@ +# Security Policy + +## Supported Versions + +| Version | Supported | +| ------- | ------------------ | +| 10.0.x | :heavy_check_mark: | +| 9.1.x | :heavy_check_mark: | +| < 9.1 | :x: | + +## Reporting a Vulnerability + +If you think you have found a possible vulnerability please reach out to the _private_ project mailing list +private@nuttx.apache.org or the Apache Security list security@apache.org. + +Please **DO NOT** create a GitHub issue or email the project dev list as they are public. +This project follows the Apache Vulnerability Handling Policy docuemnted [here](https://www.apache.org/security/committers.html#vulnerability-handling) diff --git a/README.md b/README.md index c38fdb02cb6..520320f7201 100644 --- a/README.md +++ b/README.md @@ -102,6 +102,10 @@ Get help using NuttX or contribute to the project on our mailing lists: * View the archives at: +## Reporting Security Issues + +Found a vulnerability? See our security policy [here](.github/SECURITY.md). + ## Issue Tracker ### Bug Reports:
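Review bot: the last added line of .github/SECURITY.md misspells "documented" as "docuemnted" and ends without a period; please fix both, since this is the text reporters will read first. In the same line the link text "here" hides where the link goes, and the target is the committers page (committers.html#vulnerability-handling), so consider naming the policy in the link text and adding one sentence on what a reporter can expect after mailing private@nuttx.apache.org or security@apache.org. The Supported Versions table hard-codes 10.0.x, 9.1.x and "< 9.1", so it will need an update with each release; a short note in the release checklist would keep it from going stale.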
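Review bot: the new "Reporting Security Issues" section in README.md sits directly above "## Issue Tracker" / "### Bug Reports:" but does not repeat the instruction from SECURITY.md not to open a public issue, so a reader skimming the README can land on the tracker without seeing it. Suggest adding a sentence to the README section such as "Please do not report vulnerabilities through the issue tracker or the dev list." and replacing the "here" link text with something descriptive, for example "See our [security policy](.github/SECURITY.md)." The relative link resolves on GitHub; if the README is also rendered elsewhere, check that the path still works there.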