From 79ae05e3a08fe054785d953f5e50e8798c321543 Mon Sep 17 00:00:00 2001
From: David Soria Parra <167242713+dsp-ant@users.noreply.github.com>
Date: Mon, 18 Nov 2024 22:16:42 +0000
Subject: [PATCH 1/2] Create SECURITY.md

---
 SECURITY.md | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..e191dfa
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,28 @@
+# Security Policy
+
+## Reporting Security Issues
+
+This SDK is maintained by [Anthropic](https://www.anthropic.com/) as part of the Model Context Protocol project.
+Anthropic takes security seriously, and encourages you to report any security vulnerability promptly so that appropriate action can be taken.
+
+To report a security issue, please contact the Anthropic team at security@anthropic.com.
+
+## Responsible Disclosure
+
+We appreciate the efforts of security researchers and individuals who help us maintain the security of
+the SDK. If you believe you have found a security vulnerability, please adhere to responsible
+disclosure practices by allowing us a reasonable amount of time to investigate and address the issue
+before making any information public.
+
+## Reporting Non-SDK Related Security Issues
+
+If you encounter security issues that are not directly related to SDKs but pertain to the services
+or products provided by Anthropic please contact security@anthropic.com.
+
+### Anthropic Terms and Policies
+
+Please contact support@anthropic.com for any questions or concerns regarding security of our services.
+
+---
+
+Thank you for helping us keep the SDKs and systems they interact with secure.

From f7c4a58f3ce459d9d7b770c3178df9ca44a07b4e Mon Sep 17 00:00:00 2001
From: David Soria Parra <167242713+dsp-ant@users.noreply.github.com>
Date: Tue, 19 Nov 2024 12:07:53 +0000
Subject: [PATCH 2/2] Update SECURITY.md

---
 SECURITY.md | 20 +++++++-------------
 1 file changed, 7 insertions(+), 13 deletions(-)

diff --git a/SECURITY.md b/SECURITY.md
index e191dfa..1b5ce63 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,11 +1,13 @@
 # Security Policy
+Thank you for helping us keep the SDKs and systems they interact with secure.
 
 ## Reporting Security Issues
 
 This SDK is maintained by [Anthropic](https://www.anthropic.com/) as part of the Model Context Protocol project.
-Anthropic takes security seriously, and encourages you to report any security vulnerability promptly so that appropriate action can be taken.
+Anthropic takes security seriously, and encourages you to report any security vulnerability promptly so that 
+appropriate action can be taken.
 
-To report a security issue, please contact the Anthropic team at security@anthropic.com.
+Our security program is managed on HackerOne. Please report any security issues via https://hackerone.com/anthropic-vdp.
 
 ## Responsible Disclosure
 
@@ -14,15 +16,7 @@ the SDK. If you believe you have found a security vulnerability, please adhere t
 disclosure practices by allowing us a reasonable amount of time to investigate and address the issue
 before making any information public.
 
-## Reporting Non-SDK Related Security Issues
-
-If you encounter security issues that are not directly related to SDKs but pertain to the services
-or products provided by Anthropic please contact security@anthropic.com.
-
-### Anthropic Terms and Policies
+## Policy
 
-Please contact support@anthropic.com for any questions or concerns regarding security of our services.
-
----
-
-Thank you for helping us keep the SDKs and systems they interact with secure.
+See our vulnerability disclosure policy at [HackerOne](https://hackerone.com/anthropic-vdp) for further
+details.