docs(security): add initial security policy

janderssonse · janderssonse · commit e389e5d275b6 · 2025-05-11T07:33:45.000+02:00
Signed-off-by: Josef Andersson &lt;janderssonse@proton.me&gt;
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,33 @@
+# Security Reporting
+
+If you wish to report a security vulnerability privately, we appreciate your diligence. Please follow the guidelines below to submit your report.
+
+## Reporting
+
+To report a security vulnerability, please provide the following information:
+
+1. **PROJECT**
+   - Include the URL of the project repository - Example: <https://github.com/sharkdp/fd>
+
+2. **PUBLIC**
+   - Indicate whether this vulnerability has already been publicly discussed or disclosed.
+   - If so, provide relevant links.
+
+3. **DESCRIPTION**
+   - Provide a detailed description of the security vulnerability.
+   - Include as much information as possible to help us understand and address the issue.
+
+Send this information, along with any additional relevant details, to <email AT somewhere or other channel>.
+
+## Confidentiality
+
+We kindly ask you to keep the report confidential until a public announcement is made.
+
+## Notes
+
+- Vulnerabilities will be handled on a best-effort basis.
+- You may request an advance copy of the patched release, but we cannot guarantee early access before the public release.
+- You will be notified via email simultaneously with the public announcement.
+- We will respond within a few weeks to confirm whether your report has been accepted or rejected.
+
+Thank you for helping to improve the security of our project!
