chore(security): add responsible disclosure policy

Author: matteovivona

SECURITY.md

@@ -0,0 +1,21 @@
+# Responsible Disclosure Policy
+
+A responsible disclosure policy helps protect the project and its users from security vulnerabilities discovered in the project’s scope by employing a process where vulnerabilities are publicly disclosed after a reasonable time period to allow patching the vulnerability. 
+
+All security bugs are taken seriously and are considered as top priority. 
+Your efforts to responsibly disclose your findings are appreciated and will be taken into account to acknowledge your contributions.
+
+## Supported Versions
+
+This versions of HospitalRun project are currently being supported with security updates.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 2.0.0   | :white_check_mark: |
+| 1.0.0-beta   | :x:           |
+
+## Reporting a Vulnerability
+
+Report security bugs by opening a new [Security Issue](https://github.com/HospitalRun/components/issues/new?template=security.md). You can also report a vulnerability by emailing [email protected].
+
+Report security bugs in third-party modules to the maintainer or team maintaining the module.