From 5e00c921474c1565695e2aa14d8d1c63c095d18c Mon Sep 17 00:00:00 2001
From: Miro <200482516+Mirochill@users.noreply.github.com>
Date: Tue, 19 May 2026 20:03:11 +0200
Subject: [PATCH] Document security reporting contact

---
 SECURITY.md | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..6e1e5a2
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,16 @@
+# Security Policy
+
+Please do not report suspected security vulnerabilities in public GitHub
+issues.
+
+To report a vulnerability privately, email the project contacts listed in the
+package metadata:
+
+- Cory Benfield <cory@lukasa.co.uk>
+- Thomas Kriechbaumer <thomas@kriechbaumer.name>
+
+Include the affected hpack version, a description of the issue, reproduction
+steps or proof-of-concept details if available, and any known mitigations.
+
+The Hyper project's broader security guidance is documented at
+https://python-hyper.org/en/latest/security.html.