quantumlib · mhucka · Jan 30, 2025 · Jan 30, 2025 · Jan 30, 2025
diff --git a/.github/SECURITY.md b/.github/SECURITY.md
@@ -0,0 +1,30 @@
+# Reporting security issues
+
+The OpenFermion developers and community take security bugs in OpenFermion
+seriously. We appreciate your efforts to responsibly disclose your findings,
+and will make every effort to acknowledge your contributions.
+
+Please **do not** use GitHub issues to report security vulnerabilities; GitHub
+issues are public, and doing so could allow someone to exploit the information
+before the problem can be addressed. Instead, please use the GitHub ["Report a
+Vulnerability"](https://github.com/quantumlib/OpenFermion/security/advisories/new)
+interface from the _Security_ tab of the OpenFermion repository.
+
+Please report security issues in third-party modules to the person or team
+maintaining the module rather than the OpenFermion project stewards, unless you
+believe that some action needs to be taken with OpenFermion in order to guard
+against the effects of a security vulnerability in a third-party module.
+
+## Responses to security reports
+
+The project stewards at Google Quantum AI will send a response indicating the
+next steps in handling your report. After the initial reply to your report, the
+project stewards will keep you informed of the progress towards a fix and full
+announcement, and may ask for additional information or guidance.
+
+## Additional points of contact
+
+Please contact the project stewards at Google Quantum AI via email at
+quantum-oss-maintainers@google.com if you have questions or other concerns. If
+for any reason you are uncomfortable reaching out to the project stewards,
+please email opensource@google.com instead.