Create security.md

SECURITY.md

@@ -0,0 +1,30 @@
+# Security Policy
+
+## Supported Versions
+
+Use this section to tell people about which versions of your project are
+currently being supported with security updates.
+
+| Version | Until release  | Supported          |
+| ------- | -------------- | ------------------ |
+| 0.1.0   | release v1.0.0 | :white_check_mark: |
+
+## Reporting a Vulnerability
+
+Please report (suspected) security vulnerabilities to [EMAIL_ADDRESS]. You will receive a response from us within 48 hours. If the issue is confirmed, we will release a patch as soon as possible depending on the complexity of the issue.
+
+Please include the following information with your report:
+
+### Your contact details.
+- The version of our software that you are using.
+- Any details about your environment that might be helpful in reproducing the issue.
+- A detailed description of the vulnerability being reported. This might include the steps to reproduce, a proof-of-concept, or an exploit code.
+
+### Security Update Policy
+Updates will be released as necessary, and users will be notified via GitHub release notes.
+Details about security updates will be communicated through the same channels.
+
+### Public Disclosure Timing
+After the initial response to a security report, we will aim to keep you informed of our progress toward a fix and full announcement, and may ask for further information or guidance.
+
+Please do not disclose the issue to the public until a reasonable amount of time has passed and we have provided a patch or mitigation.