From ed59f451f145ccd33d4a212ada4b099815592736 Mon Sep 17 00:00:00 2001
From: GeneratedUserFJ839 <nachumnazarian16@gmail.com>
Date: Sun, 11 Jan 2026 20:02:17 +0100
Subject: [PATCH] Create SECURITY.md
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Added a security policy outlining how to report vulnerabilities and the project’s commitments to researchers.
---
 SECURITY.md | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000000..7a9b89da53b
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,21 @@
+# Security Policy
+
+If you believe you have found a vulnerability in MetaMask Core, please follow the steps below.
+
+## Reporting a vulnerability
+
+- Do not create public issues; instead, email security@metamask.io with a description.
+- Provide steps to reproduce the issue if possible.
+- Include any relevant logs or screenshots.
+
+## Our pledge
+
+- We will acknowledge your report within 5 business days.
+- We aim to keep you informed about the progress of your report.
+- We appreciate responsible disclosures and will not pursue legal action against reporters acting in good faith.
+
+## Scope
+
+This policy applies to the MetaMask Core codebase and related packages in this repository.
+
+Thank you for helping keep MetaMask and its users safe.