🔒 add Security Policy (#619)

SECURITY.md

@@ -0,0 +1,46 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+|---------|--------------------|
+| 8.x.x   | :white_check_mark: |
+| 7.x.x   | :x:                |
+| 6.x.x   | :x:                |
+| 5.x.x   | :x:                |
+| 4.x.x   | :x:                |
+| 3.x.x   | :x:                |
+| 2.x.x   | :x:                |
+| 1.x.x   | :x:                |
+| 0.x.x   | :x:                |
+
+
+## Reporting a Vulnerability
+
+We take the security of our software seriously. If you believe you have found a security vulnerability, please report it
+to us as described below.
+
+**DO NOT CREATE A GITHUB ISSUE** reporting the vulnerability.
+
+Instead, send an email to either [[email protected]](mailto:[email protected]) or
+[[email protected]](mailto:[email protected]).
+
+In the report, please include the following:
+
+- Your name and affiliation (if any).
+- A description of the technical details of the vulnerabilities. It is very important to let us know how we can
+  reproduce your findings.
+- An explanation who can exploit this vulnerability, and what they gain when doing so -- write an attack scenario. This
+  will help us evaluate your submission quickly, especially if it is a complex or creative vulnerability.
+- Whether this vulnerability is public or known to third parties. If it is, please provide details.
+
+If you don’t get an acknowledgment from us or have heard nothing from us in a week, please contact us again.
+
+We will send a response indicating the next steps in handling your report. We will keep you informed about the progress
+towards a fix and full announcement.
+
+We will not disclose your identity to the public without your permission. We strive to credit researchers in our
+advisories when we release a fix, but only after getting your permission.
+
+We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your
+contributions.