From 77adc26f8aa5cf054559e65c99a867d8e9bbd860 Mon Sep 17 00:00:00 2001 From: Dennis Li <23002167+dli357@users.noreply.github.com> Date: Wed, 7 Dec 2022 12:49:16 -0800 Subject: [PATCH] [CDAP-20182] Update security policy --- CONTRIBUTING.rst | 3 +-- SECURITY.md | 8 ++++++++ 2 files changed, 9 insertions(+), 2 deletions(-) create mode 100644 SECURITY.md diff --git a/CONTRIBUTING.rst b/CONTRIBUTING.rst index 2d81177569c1..12b192cf3b1b 100644 --- a/CONTRIBUTING.rst +++ b/CONTRIBUTING.rst @@ -7,8 +7,7 @@ Here are instructions to get you started if you want to contribute to CDAP. Security Reports ================ -Please *DO NOT* file an issue for security related problems. -Please send your reports to `security@cask.co `__. +Please see SECURITY.md for reporting security vulnerabilities. Creating Issues =============== diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000000..2e7248843ea3 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,8 @@ +# Security Policy + +## Reporting a Vulnerability + +To report a security issue, please use [https://g.co/vulnz](https://g.co/vulnz). +We use g.co/vulnz for our intake, and do coordination and disclosure here on +GitHub (including using GitHub Security Advisory). The Google Security Team will +respond within 5 working days of your report on g.co/vulnz. \ No newline at end of file
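Review bot: In the CONTRIBUTING.rst hunk, under "Security Reports", the replacement line drops the explicit instruction not to file an issue for security problems. The removed text said "Please *DO NOT* file an issue for security related problems", and a contributor who reads only this section now gets no warning against public disclosure. Suggest keeping that sentence and adding the pointer after it. Also, "SECURITY.md" is bare text here; making it an RST link to the file (or at least an inline literal) would let readers reach the policy directly from the rendered page.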
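Review bot: In the new SECURITY.md, the "Reporting a Vulnerability" paragraph says coordination and disclosure happen "here on GitHub" but never tells reporters not to open a public issue or pull request for a vulnerability. With the CONTRIBUTING.rst warning removed in the same patch, that instruction no longer appears anywhere. Suggest adding one sentence stating that vulnerabilities should not be reported through public GitHub issues and that g.co/vulnz is the only intake channel. The file also ends without a trailing newline ("\ No newline at end of file"); please add one.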