From 76007ed00086ed3ffaf5be93b8f87ce4899383bf Mon Sep 17 00:00:00 2001
From: Vishal Karmalkar <vishal.karmalkar@thoughtworks.com>
Date: Fri, 19 Jun 2026 10:59:08 +0530
Subject: [PATCH] BAH-4802 | Add SECURITY.md (vulnerability disclosure policy)

Adds SECURITY.md at the repo root pointing reporters to the private Bahmni disclosure process (security@bahmni.org) and the full process on the wiki. Satisfies the ch_security_policy OSS-audit check.
---
 SECURITY.md | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..a01cafd
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,8 @@
+# Security Policy
+
+Please **do not** report security vulnerabilities through public GitHub issues or pull requests.
+
+Report them privately to **security@bahmni.org**.
+
+The full reporting, discussion, and disclosure process is documented here:
+https://bahmni.atlassian.net/wiki/spaces/BAH/pages/884277257/Security+-+Reporting+and+Discussion