add: security policy (#84)

SECURITY.md

@@ -0,0 +1,33 @@
+# Security Policy
+
+
+## Reporting a Vulnerability
+
+We take the security of our project seriously. If you have discovered a security vulnerability, please follow these steps:
+
+1. **Do not** disclose the vulnerability publicly.
+2. Send a detailed description of the vulnerability to [[email protected]](mailto:[email protected]).
+3. Include steps to reproduce the issue, if possible.
+4. Allow us some time to respond and address the issue before any public disclosure.
+
+We appreciate your effort to responsibly disclose your findings and will make every effort to acknowledge your contributions.
+
+## Security Update Process
+
+When we receive a security bug report, we will:
+
+1. Confirm the problem and determine the affected versions.
+2. Audit code to find any potential similar problems.
+3. Prepare fixes for all supported versions.
+4. Release new security fix versions as soon as possible.
+
+## Best Practices
+
+To help ensure the security of this project:
+
+- Keep your local copy up-to-date with the latest security patches.
+- Use strong and unique passwords for all accounts associated with the project.
+- Enable two-factor authentication where available.
+- Be cautious when using third-party dependencies and keep them updated.
+
+Thank you for helping keep our project and its users safe!