chore: create security.md

beatt83 · web-flow · commit f77adcffb85f · 2026-01-07T09:52:06.000Z
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,33 @@
+# Security Policy
+
+## Supported Versions
+
+We are committed to fixing security vulnerabilities in the latest versions of the `jose-swift` library.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 6.0.x   | :white_check_mark: |
+| 5.0.x   | :white_check_mark: |
+| < 5.0.x | :x:                |
+
+## Reporting a Vulnerability
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+If you believe you have found a security vulnerability in `jose-swift`, we encourage you to report it through our private vulnerability reporting program on GitHub.
+
+### Private Security Advisory
+
+1. Go to the [Security tab](https://github.com/beatt83/jose-swift/security/advisories/new) of this repository.
+2. Click on **"Report a vulnerability"** to open a private draft advisory.
+3. Provide details about the vulnerability, including steps to reproduce and the potential impact.
+
+This method allows us to discuss the vulnerability privately and collaborate on a fix before it becomes public knowledge.
+
+## Disclosure Policy
+
+* We aim to acknowledge receipt of your report within 48 hours.
+* We will keep you updated on the progress of the fix.
+* We request that you **wait until a patch is released** before publicly disclosing the vulnerability to give users time to upgrade.
+
+Thank you for helping keep `jose-swift` and its users safe.
