From 9d0c0d7149b98f9f04f7bc420d5569a39b2ef058 Mon Sep 17 00:00:00 2001
From: Thomas Steur <tsteur@users.noreply.github.com>
Date: Tue, 5 Dec 2023 17:13:47 +1300
Subject: [PATCH] Add Security file describing the bug bounty program

refs https://github.com/matomo-org/docker/issues/336
---
 SECURITY.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..9cb7d30
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,12 @@
+# Reporting Security Issues
+
+## Security Bug Bounty Program
+
+The [Matomo Security Bug Bounty Program on HackerOne](https://hackerone.com/matomo/) is designed to encourage security research in Matomo software and to reward those who help us create the safest web analytics platform. 
+
+## Responsible disclosure by email
+
+We encourage you to responsibly report issues via our [Matomo Bug Bounty Program on HackerOne](https://hackerone.com/matomo) or you can also 
+[email us at security@matomo.org](mailto:security@matomo.org?subject=Reporting%20Vulnerability%20in%20Matomo).
+
+If you have found a security issue in Matomo please read [our security notes](https://matomo.org/security/) regarding responsible disclosures.