Merge pull request #8 from webern-unibas-ch/add-security-policy

Create SECURITY.md

SECURITY.md

@@ -0,0 +1,39 @@
+# Security Policy
+
+## Supported Versions
+
+We are committed to providing security updates for the latest version of our project. Please ensure you are using the most recent release to receive these updates.
+
+## Reporting a Vulnerability
+
+We take security issues very seriously. If you discover a security vulnerability in any webern-unibas-ch-owned repository, please report it to us through coordinated disclosure.
+
+**Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.**
+
+Instead, please send an email to info-awg[@]unibas.ch.
+
+Please include as much of the information listed below as you can to help us better understand and resolve the issue:
+
+* The type of issue (e.g., buffer overflow, SQL injection, or cross-site scripting)
+* Full paths of source file(s) related to the manifestation of the issue
+* The location of the affected source code (tag/branch/commit or direct URL)
+* Any special configuration required to reproduce the issue
+* Step-by-step instructions to reproduce the issue
+* Proof-of-concept or exploit code (if possible)
+* Impact of the issue, including how an attacker might exploit the issue
+
+This information will help us triage your report more quickly.
+
+## Acknowledgment
+
+We acknowledge every security vulnerability reported to us and strive to address them in a timely manner. We appreciate your patience as we work to resolve the issue.
+
+Contributors who report vulnerabilities will be acknowledged in the project's documentation. However, please note that we do not have a bounty program and cannot provide monetary rewards for vulnerability reports.
+
+Thank you for helping to keep our project secure.
+
+---
+
+This policy is adapted from the policies of:
+
+* https://github.com/github/template/security/advisories