From 24c713e054e94e64280dd4b9a0ddc7a7567d340c Mon Sep 17 00:00:00 2001
From: Joe Previte <jjprevite@gmail.com>
Date: Fri, 16 Apr 2021 14:57:40 -0700
Subject: [PATCH 1/2] Create SECURITY.md

---
 docs/SECURITY.md | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 docs/SECURITY.md

diff --git a/docs/SECURITY.md b/docs/SECURITY.md
new file mode 100644
index 00000000..905b7fb4
--- /dev/null
+++ b/docs/SECURITY.md
@@ -0,0 +1,13 @@
+# Security Policy
+
+## Supported Versions
+
+Only the latest version of `code-server` is currently support with security updates. These security updates will be patched in the version after the current version.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 3.9.3   | :white_check_mark: |
+
+## Reporting a Vulnerability
+
+To report a vulnerability, please send an email to security[@]coder.com and our security team will respond to you.

From dc98399d2b60f54950d24ad6f0d8fa7309e29b45 Mon Sep 17 00:00:00 2001
From: Joe Previte <jjprevite@gmail.com>
Date: Fri, 16 Apr 2021 14:59:13 -0700
Subject: [PATCH 2/2] fixup: docs

---
 docs/SECURITY.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/SECURITY.md b/docs/SECURITY.md
index 905b7fb4..bb24654f 100644
--- a/docs/SECURITY.md
+++ b/docs/SECURITY.md
@@ -2,7 +2,7 @@
 
 ## Supported Versions
 
-Only the latest version of `code-server` is currently support with security updates. These security updates will be patched in the version after the current version.
+Coder sponsors development and maintenance of the code-server project. We will fix security issues within 90 days of receiving a report, and publish the fix in a subsequent release. The code-server project does not provide backports or patch releases for security issues at this time.
 
 | Version | Supported          |
 | ------- | ------------------ |