Create SECURITY.md

Author: toviszsolt

Diff for: SECURITY.md

@@ -0,0 +1,23 @@
+# Security Policy
+
+## Reporting a Vulnerability
+If you discover a security vulnerability in this project, please report it to us by sending an email to [email protected]. We will do our best to promptly address the issue.
+
+## Responsible Disclosure
+We value the work of the security community and encourage responsible disclosure of vulnerabilities. If you are unsure if a behavior is a security vulnerability, please send an email to [email protected] explaining the suspected issue. We will work with you to determine if the behavior is a security vulnerability and will provide guidance on how to proceed.
+
+## Vulnerability Disclosure Timeline
+We will do our best to follow the following timeline when addressing reported vulnerabilities:
+- Within 1 business day of receiving the report, we will send an acknowledgement email to the reporter acknowledging receipt of the report.
+- Within 2 business days of receiving the report, we will determine the severity of the report and assign a priority level to the report.
+- Within 1 week of receiving the report, we will either:
+    - Issue a patch and send a notification email to the reporter indicating that the vulnerability has been fixed.
+    - Provide a detailed response to the reporter explaining why the behavior does not qualify as a vulnerability.
+
+## Acknowledgements
+We would like to thank the following individuals for responsibly disclosing vulnerabilities:
+
+[Zsolt Tövis](https://github.com/toviszsolt)
+
+## Contact
+For any questions or concerns about our security policy, please contact us at [email protected].