PMM-7 Create a security policy (#1328)

Alex Tymchuk · web-flow · commit 405c9e11ad23 · 2022-10-24T13:10:16.000+03:00
* Create SECURITY.md

* Update SECURITY.md
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,29 @@
+# Security Policy
+
+## Supported Versions
+
+PMM versions starting from v2.0.0 are currently being supported.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.x.x   | :x:                |
+| 2.x.x   | :white_check_mark: |
+
+## Reporting a Vulnerability
+
+Please report any vulnerabilities to our project in [Jira](https://jira.percona.com/projects/PMM/issues).
+
+If the vulnerability is accepted and confirmed by our experts, you should normally expect us to deliver
+a version with a fix according to the timelines provided below:
+
+For Percona created software (our engineers wrote the code):
+
+- Low/Medium: 120 days
+- High: 90 days
+- Critical: ASAP but should not exceed 30 days
+
+For Non-Percona created software (upstream provided/packaged) from the time the vendor releases a patch:
+
+- Low/Medium: 2nd release from current version
+- High: Next release
+- Critical: Hotfix or no later than next release (our regular release cadence is once every month)
