Create SECURITY.md

SECURITY.md

@@ -0,0 +1,33 @@
+# Security Policy for OpenMAIC
+
+Thank you for helping us keep OpenMAIC secure! We take the security of our platform, multi-agent engine, and users very seriously. 
+
+## Supported Versions
+
+We currently provide security updates for the latest major release and the active `main` branch. Please ensure you are running the most recent version of OpenMAIC before submitting a report.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| main    | :white_check_mark: |
+| Latest Release | :white_check_mark: |
+| Older Versions | :x:                |
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability in OpenMAIC, **please do not create a public GitHub issue.** Publicly disclosing a vulnerability can put other users and self-hosted instances at risk.
+
+Instead, please report it privately using one of the following methods:
+**GitHub Private Vulnerability Reporting:** Go to the [Security tab](https://github.com/THU-MAIC/OpenMAIC/security) of the repository, click on "Advisories", and select "Report a vulnerability".
+
+
+**What to include in your report:**
+* A description of the vulnerability and its potential impact.
+* Detailed steps to reproduce the issue.
+* Any relevant logs, screenshots, or code snippets.
+* (Optional) Suggested mitigation or a patch.
+
+We will acknowledge receipt of your vulnerability report within 48 hours and strive to send you regular updates about our progress.
+
+## Disclosure Process
+
+When a vulnerability is confirmed and patched, we will publish a GitHub Security Advisory detailing the issue, the impacted versions, and the fix. We will also credit the security researcher who reported the issue (unless they prefer to remain anonymous).