doc: use standard Google security policy for GitHub projects (#5062)

author: Brian de Alwis <[email protected]> 2025-08-01 12:12:32 -0400
committer: GitHub <[email protected]> 2025-08-01 16:12:32 +0000
commit: d42e3f1e7fbdf23e3e8b729c5ba08dbf89285088 (patch)
tree: e464ff5032f91a8d639622168b33387dceca35db
parent: 7748e56153159373ba4b9bf0f937ed476504b6c7 (diff)
2 files changed, 12 insertions, 0 deletions
diff --git a/README.md b/README.md
index 3e2db940..41612af3 100644
--- a/README.md
+++ b/README.md
@@ -209,3 +209,7 @@ Head over to the [Uninstall](docs/Uninstall.md) guide for uninstallation instruc
 ## Terms of Service and Privacy Notice
 
 For details on the terms of service and privacy notice applicable to your use of Gemini CLI, see the [Terms of Service and Privacy Notice](./docs/tos-privacy.md).
+
+## Security Disclosures
+
+Please see our [security disclosure process](SECURITY.md). All [security advisories](https://github.com/google-gemini/gemini-cli/security/advisories) are managed on Github.
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..226310c2
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,8 @@
+# Reporting Security Issues
+
+To report a security issue, please use [https://g.co/vulnz](https://g.co/vulnz).
+We use g.co/vulnz for our intake, and do coordination and disclosure here on
+GitHub (including using GitHub Security Advisory). The Google Security Team will
+respond within 5 working days of your report on g.co/vulnz.
+
+[GitHub Security Advisory]: https://github.com/google-gemini/gemini-cli/security/advisories
author	Brian de Alwis <[email protected]>	2025-08-01 12:12:32 -0400
committer	GitHub <[email protected]>	2025-08-01 16:12:32 +0000
commit	d42e3f1e7fbdf23e3e8b729c5ba08dbf89285088 (patch)
tree	e464ff5032f91a8d639622168b33387dceca35db
parent	7748e56153159373ba4b9bf0f937ed476504b6c7 (diff)