docs: add SECURITY.md

All new NGINX projects are created from the template repository which
has a SECURITY.md file in it. This adopts the file.

NOTE; We wrap the file around the 76-78 character mark for consistency
and readability.

Link: <https://github.com/nginxinc/template-repository>
Closes: https://github.com/nginx/unit/issues/1408
Signed-off-by: Gabor Javorszky <g.javorszky@f5.com>
[ Tweaked commit message - Andrew ]
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>

1 files changed, 21 insertions, 0 deletions

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..450f989d
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,21 @@
+# Security Policy
+
+## Latest Versions
+
+We advise users to run or update to the most recent release of this
+project. Older versions of this project may not have all enhancements
+and/or bug fixes applied to them.
+
+## Reporting a Vulnerability
+
+The F5 Security Incident Response Team (F5 SIRT) has an email alias that
+makes it easy to report potential security vulnerabilities:
+
+- If you’re an F5 customer with an active support contract, please
+contact [F5 Technical Support](https://www.f5.com/services/support).
+- If you aren’t an F5 customer, please report any potential or current
+instances of security vulnerabilities with any F5 product to the
+F5 Security Incident Response Team at <F5SIRT@f5.com>.
+
+For more information please read the F5 SIRT vulnerability reporting
+guidelines available at [https://www.f5.com/services/support/report-a-vulnerability](https://www.f5.com/services/support/report-a-vulnerability).
\ No newline at end of file