feat(security.md): add Security Policy

Co-authored-by: Anton Sapozhnikov <[email protected]>
Co-authored-by: Patrik Nordlén <[email protected]>
Co-authored-by: Samuel Kelemen <[email protected]>

SECURITY.md

@@ -0,0 +1,41 @@
+# Security Policy
+
+Einride welcomes feedback from security researchers and the general public to 
+help improve our security. If you believe you have discovered a vulnerability,
+privacy issue, exposed data, or other security issues in relation to this 
+project, we want to hear from you. This policy outlines steps for reporting
+security issues to us, what we expect, and what you can expect from us.
+
+## Supported versions
+
+We release patches for security issues according to semantic versioning. This 
+project is currently unstable (v0.x) and only the latest version will receive 
+security patches.
+
+## Reporting a vulnerability
+
+Please do not report security vulnerabilities through public issues, 
+discussions, or change requests.
+
+Please report security issues via [[email protected]][email].
+Provide all relevant information, including steps to reproduce the issue, any 
+affected versions, and known mitigations. The more details you provide, the 
+easier it will be for us to triage and fix the issue. You will receive a 
+response from us within 2 business days. If the issue is confirmed, a patch will
+be released as soon as possible.
+
+For more information, or security issues not relating to open source code, 
+please consult our [Vulnerability Disclosure Policy][vdp].
+
+## Preferred languages
+
+English is our preferred language of communication. 
+
+## Contributions and recognition
+
+We appreciate every contribution and will do our best to publicly 
+[acknowledge][acknowledgments] your contributions.
+
+[email]: mailto:[email protected]
+[vdp]: https://www.einride.tech/vulnerability-disclosure-policy
+[acknowledgments]: https://einride.tech/security-acknowledgments.txt