Security policy (A brief introduction to the project’s security policy.) Supported versions (A list of which versions are currently supported and which are not.) Reporting a vulnerability (How to report vulnerabilities.) Disclosure policy (How vulnerabilities will be disclosed.)