From cdcf457d8fd7df5258de7e436b2a664a7b07bcec Mon Sep 17 00:00:00 2001
From: Richard Littauer <richard.littauer@gmail.com>
Date: Mon, 2 Nov 2015 05:25:13 -0500
Subject: [PATCH] Added a security section

See https://github.com/ipfs/community/issues/62

License: MIT
Signed-off-by: Richard Littauer <richard.littauer@gmail.com>
---
 README.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/README.md b/README.md
index 7ca2bd64a..fa1a3eb0d 100644
--- a/README.md
+++ b/README.md
@@ -12,6 +12,14 @@ Please put all issues regarding IPFS _design_ in the
 [ipfs repo issues](https://github.com/ipfs/ipfs/issues).
 Please put all issues regarding go IPFS _implementation_ in [this repo](https://github.com/ipfs/go-ipfs/issues).
 
+## Security Issues
+
+The IPFS protocol and its implementations are still in heavy development. This means that there may be problems in our protocols, or there may be mistakes in our implementations. And -- though IPFS is not production-ready yet -- many people are already running nodes in their machines. So we take security vulnerabilities very seriously. If you discover a security issue, please bring it to our attention right away!
+
+If you find a vulnerability that may affect live deployments -- for example, by exposing a remote execution exploit -- please send your report privately to security@ipfs.io. Please DO NOT file a public issue.
+
+If the issue is a protocol weakness that cannot be immediately exploited or something not yet deployed, just discuss it openly.
+
 ## Install
 
 The canonical download instructions for IPFS are over at: http://ipfs.io/docs/install