docs: add security policy

Co-Authored-By: Svrnty Inc. <eng@svrnty.com>
2026-03-05 05:59:26 -05:00 · 2026-03-05 05:59:26 -05:00 · 3fa59306c2
commit 3fa59306c2
parent 697b36900b
1 changed files with 53 additions and 0 deletions
--- a/SECURITY.md
+++ b/SECURITY.md
@ -0,0 +1,53 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability, please report it responsibly.
+
+**Do NOT open a public issue.**
+
+### How to Report
+
+Email: **security@svrnty.com**
+
+Include:
+- Description of the vulnerability
+- Steps to reproduce
+- Potential impact
+- Any suggested fixes (optional)
+
+### Response Timeline
+
+- **Acknowledgment**: Within 48 hours
+- **Initial Assessment**: Within 7 days
+- **Resolution Target**: Within 30 days (depending on severity)
+
+### What to Expect
+
+1. We will acknowledge receipt of your report
+2. We will investigate and validate the issue
+3. We will work on a fix and coordinate disclosure
+4. We will credit you (if desired) when the fix is released
+
+### Scope
+
+This policy applies to:
+- Code in this repository
+- Dependencies we control
+- Infrastructure we operate
+
+### Out of Scope
+
+- Third-party services or dependencies
+- Social engineering attacks
+- Physical security
+
+## Supported Versions
+
+Security updates are provided for the latest release only.
+
+| Version | Supported |
+|---------|-----------|
+| Latest  | Yes       |
+| Older   | No        |
+