From c104ac0b756150dc695e231c8a264cc436d2abda Mon Sep 17 00:00:00 2001 From: Claas Augner Date: Mon, 10 Nov 2025 16:14:39 +0100 Subject: [PATCH] docs(SECURITY): sync security policy --- .github/CODEOWNERS | 1 + SECURITY.md | 13 +++++++++++++ 2 files changed, 14 insertions(+) create mode 100644 SECURITY.md diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 8427592..bfeca0e 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -9,3 +9,4 @@ /.github/workflows/ @mdn/engineering /.github/CODEOWNERS @mdn/content-team @mdn/engineering +/SECURITY.md @mdn/engineering diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..f7a2c21 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,13 @@ +# Security Policy + +## Reporting a Vulnerability + +If you've discovered a security issue, please report it through the form linked +below, which will create a secure, private ticket. +https://bugzilla.mozilla.org/form.web.bounty + +MDN may be eligible for +[Mozilla's Security Bug Bounty Program](https://www.mozilla.org/en-US/security/bug-bounty/). +You can find more information about the bounty program in the +[Mozilla Web Bug Bounty FAQ](https://www.mozilla.org/en-US/security/bug-bounty/faq-webapp/). +You can use the above form even if you are not interested in a bounty reward.
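Review bot: In the SECURITY.md hunk, the reporting URL `https://bugzilla.mozilla.org/form.web.bounty` is a bare line directly after "below, which will create a secure, private ticket." with no blank line between them, so it renders as part of that paragraph and is clickable only where the Markdown renderer autolinks bare URLs. The two bounty links further down use the `[text](url)` form. Suggest writing it as `<https://bugzilla.mozilla.org/form.web.bounty>` or as a named link, so the one link a reporter has to follow renders the same everywhere. The section also never asks reporters not to open a public issue or pull request for a vulnerability. Adding one sentence to that effect under "Reporting a Vulnerability" would make the private form the stated expectation rather than an implied one.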