From e377948fdeba144db0b8eaef8acce7021220b615 Mon Sep 17 00:00:00 2001 From: Masataka Pocke Kuwabara Date: Wed, 7 Feb 2024 17:40:09 +0900 Subject: [PATCH] Add SECURITY.md --- docs/SECURITY.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 docs/SECURITY.md diff --git a/docs/SECURITY.md b/docs/SECURITY.md new file mode 100644 index 000000000..4df710b00 --- /dev/null +++ b/docs/SECURITY.md @@ -0,0 +1,15 @@ +# Security Policy of gem_rbs_collection + +## Non-security issues + +We treat it as an ordinary problem even if `gems/` directory contains malicious code. +Please report them to the issue tracker or open a pull request. + +Our test runner (`bin/test`) does not execute any code written in `gems/` directory. `rbs` command and library also do not execute any code from this repository. +So it does not cause any security issue even if `gems/` directory contains malicious code. + +But if an attacker can inject malicious code to `bin/test`, `rbs` command or the library, it would be a security issue. Please report the problem with the following steps. + +## Reporting a Vulnerability + +See https://www.ruby-lang.org/en/security/.
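Review bot: In the new `docs/SECURITY.md`, the paragraph beginning "But if an attacker can inject malicious code to `bin/test`, `rbs` command or the library" is the only statement of what counts as a vulnerability, yet it sits under the "## Non-security issues" heading, and its "following steps" refers to a section that contains only a link. I would move that paragraph under "## Reporting a Vulnerability" so a reader scanning the headings finds the in-scope definition there. Since the first section sends reports to the issue tracker, I would also state whether in-scope reports should stay off the public tracker. Separately, the claim that `bin/test` "does not execute any code written in `gems/` directory" is the assumption the whole policy depends on, so it is worth wording it as an invariant that changes to `bin/test` must preserve. That way a later change that starts loading or running files from `gems/` is recognised as security-relevant during review.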