docs(security): add a security policy

Signed-off-by: k4yt3x <i@k4yt3x.com>
k4yt3x · Nov 23, 2024 · 9379397 · 9379397
1 parent ed318f6
commit 9379397
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,14 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+- **Email**: Send vulnerability reports via email to [github@k4yt3x.com](mailto:github@k4yt3x.com).
+- **Details**: Include description, impact, reproduction steps, and proof-of-concept if applicable.
+- **Confidentiality**: Do not disclose vulnerabilities publicly until a fix is released.
+
+## Response Process
+
+1. **Acknowledge**: We will acknowledge receipt within 48 hours.
+2. **Assess**: Initial assessment and response within 7 days.
+3. **Fix**: Develop and release a patch promptly.
+4. **Credit**: Acknowledge contributors unless anonymity is requested.