From 810935a5f6b30c9db4d72f5edfb7fe84d9fd610f Mon Sep 17 00:00:00 2001
From: brian d foy <briandfoy@pobox.com>
Date: Thu, 2 Jan 2025 16:08:36 -0500
Subject: [PATCH] Add SECURITY.md

---
 SECURITY.md | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..a48aae8
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,35 @@
+# Security Policy for Mojo::Promise::Role::HigherOrder
+
+## Reporting security issues
+
+**Do not report security problems on public forums or in repository
+issues.**
+
+Privately report vulnerabilities to the maintainers listed at the end
+of this document. Include as many details as possible to reproduce the
+issue, including code samples or test cases. Check that your report
+does not expose any of your sensitive data, such as passwords, tokens,
+or other secrets.
+
+You do not need to have a solution or fix. Depending on the issue,
+CPANSec may be notified. Depending on the issue, CPANSec may be
+notified.
+
+You can also privately report issues to the CPAN Security Group
+(CPANSec) <cpan-security@security.metacpan.org>. This is especially
+important if you think a vulnerability is being actively exploited.
+CPANSec may report the issue to the relevant authorities. See [Report
+a Security Issue](https://security.metacpan.org/docs/report.html).
+
+## Response to reports
+
+The maintainers aim to respond to all reports within one day, but this
+may be affected by life and other things that happen to people who
+maintain open source code.
+
+A new release will be provided as soon as possible.
+
+## Maintainers
+
+* brian d foy, <briandfoy@pobox.com>
+