From 0b3e47fecc81fbc095aec6e17eb804b051aa66ea Mon Sep 17 00:00:00 2001 From: Ikko Eltociear Ashimine Date: Sun, 26 Apr 2026 12:38:31 +0900 Subject: [PATCH] docs: add security policy --- SECURITY.md | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..6c79a4a6 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,31 @@ +# Security Policy + +## Reporting a Vulnerability + +Please report security vulnerabilities responsibly. + +**Do NOT open a public GitHub issue for security vulnerabilities.** + +### How to Report + +1. **GitHub Security Advisories**: [Report privately](https://github.com/GLips/Figma-Context-MCP/security/advisories/new) +2. **Email**: Contact the maintainers directly + +### Response Timeline + +- Acknowledgment: 48 hours +- Assessment: 1 week +- Fix: Based on severity + +## Supported Versions + +| Version | Supported | +|---------|:---------:| +| Latest | ✅ | + +## MCP Security Best Practices + +1. Review server permissions before connecting +2. Use environment variables for secrets +3. Limit server access to required tools only +4. Keep dependencies updated
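Review bot: Under "### How to Report", item 2 (`2. **Email**: Contact the maintainers directly`) names no address, so the advisory link in item 1 is the only private channel a reporter can actually use. Either add a monitored security contact address there or drop the item so the policy does not promise a route it does not provide. In the same file, the "Supported Versions" table lists only `Latest`, which does not say whether that means the most recent published release or the tip of the default branch; stating which one would tell reporters what to test against. The "Response Timeline" figures (48 hours, 1 week) would also benefit from saying whether they count calendar or business days.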