feat: create SECURITY policy

SECURITY.md

@@ -0,0 +1,42 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.x     | :white_check_mark: |
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability, please send an email to **[email protected]**. Please do not create a public issue for the vulnerability.
+
+Your email should include the following information:
+
+- A description of the vulnerability
+- Steps to reproduce the vulnerability
+- Possible impact of the vulnerability
+- Any suggested mitigation or remediation steps
+
+We will respond to your email as soon as possible and work with you to address any security issues.
+
+## Bug Bounty Program
+
+At this time, we do not offer a bug bounty program.
+
+## Maintainer Responsibilities
+
+Maintainers are responsible for the security of the project. This includes:
+
+- Responding to security reports in a timely manner
+- Investigating reported vulnerabilities
+- Developing and releasing patches for confirmed vulnerabilities
+- Communicating with the reporting party as the issue is addressed
+
+## Disclosures
+
+- We will acknowledge receipt of your report within one of our business days as soon as possible.
+- We will confirm the vulnerability and determine its impact.
+- We will release a fix as soon as possible, depending on the complexity of the issue.
+- We will communicate the vulnerability and any patches or workarounds to our users.
+
+Thank you for your help in making Community Standards project/repository a more secure place.