From 82cccb54ff513900356c30c3d8e359d9886794bb Mon Sep 17 00:00:00 2001
From: Karolin Hemmingsson <94545214+KarolinHem@users.noreply.github.com>
Date: Thu, 25 Apr 2024 14:00:26 +0200
Subject: Update SECURITY.md to align with KF Community template

---
 SECURITY.md | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

(limited to 'SECURITY.md')

diff --git a/SECURITY.md b/SECURITY.md
index 5aece3648..b690909f3 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,5 +1,17 @@
-# Reporting a security issue
+# Security Policy
 
-If you would like to report something you believe to be a security issue, then please use feedback-crypto@bouncycastle.org.
+## Reporting a Vulnerability
 
-We can provide a PGP key if required.
+If you think that you have found a security vulnerability, please report it to this email address: [feedback-crypto@bouncycastle.org](mailto:feedback-crypto@bouncycastle.org)
+
+Describe the issue including all details, for example: 
+* Short summary of the problem
+* Steps to reproduce
+* Affected API versions
+* Logs if available 
+
+The Bouncy Castle team will send a response indicating the next steps in handling your report. You may be asked to provide additional information or guidance. 
+
+If the issue is confirmed as a vulnerability, we will open a Security Advisory and acknowledge your contributions as part of it. Optionally, you can have your name and contact information listed in [Contributors](https://www.bouncycastle.org/contributors.html) as well. 
+
+Please note we endeavor to issue patched releases that deal with security issues as soon as they are made known to us, ideally prior to issuing a Security Advisory where otherwise possible. In some cases, particularly if it relates to a FIPS release, delays due to external processes may delay the issuing of a Security Advisory. 
-- 
cgit 1.4.1