🔒 Create SECURITY.md

jpcadena · web-flow · commit 0da9fe0c0dfb · 2023-10-25T18:41:50.000-05:00
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,36 @@
+# Security Policy
+
+## Supported Versions
+
+We provide security updates and fixes actively for the latest major version of the project. Previous major versions are supported until 1 year after the release of the next major version.
+
+| Version | Supported          |
+|---------|--------------------|
+| 2.3.x   | :white_check_mark: |
+| 2.2.x   | :white_check_mark: |
+| 2.1.x   | :x:                |
+| < 2.0   | :x:                |
+
+## Reporting a Vulnerability
+
+We take security very seriously. If you have found any issues that might have security implications, please send a report to our dedicated email at [jpcadena@espol.edu.ec](mailto:jpcadena@espol.edu.ec?subject=grpc-in-python%20-%20Security%20Issue) instead of posting a public issue on GitHub.
+
+When reporting, please include as much information as possible to help us understand the scope and severity of the issue. This may include:
+
+- A description of the vulnerability
+- Steps to reproduce the issue
+- Potential impacts of the vulnerability
+- Suggestions for mitigating the vulnerability, if any
+
+Please avoid including sensitive information in the initial report. We will provide a secure, encrypted channel for further communication after the initial report.
+
+### What to expect
+
+After you have reported a vulnerability:
+
+1. **Acknowledgement**: We will acknowledge your email within 3 business days.
+2. **Verification & Analysis**: Our security team will work to verify the vulnerability and determine its potential impacts.
+3. **Response & Mitigation**: We will aim to provide a first response, including our plans for mitigating the vulnerability, within 10 business days.
+4. **Communication**: If the vulnerability is confirmed, we will release a security advisory on our GitHub repository and might also communicate it via other channels.
+
+We appreciate your effort in improving the security of our project and will acknowledge your contribution when we disclose the issue, unless you prefer to remain anonymous.
