Create SECURITY.md (#233)

mathieu-benoit · web-flow · commit bebd1646b980 · 2025-01-07T22:33:56.000-05:00
Signed-off-by: Mathieu Benoit &lt;mathieu-benoit@hotmail.fr&gt;
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,15 @@
+# Security Policy
+
+Thank you for taking the time to report a security vulnerability. We would like to investigate every report thoroughly.
+
+## Reporting a Vulnerability
+
+_Note: Please do not open a public issue describing the vulnerability._
+
+To report a security vulnerability, please navigate to the `Security` tab of the associated repository, and click on the [`Report a vulnerability`](https://github.com/score-spec/score-compose/security/advisories/new) button.
+
+Then, fill in all the details of the vulnerability in English and click on `Submit report`. This submission will only be viewable to repository maintainers and will help us triage your report more quickly.
+
+## Evaluation and Response
+
+Response times could be affected by weekends, holidays, breaks or time zone differences. That said, the maintainers team endeavours to evaluate your report and reply as soon as possible, ideally within 10 working days.
