From d8a2c6852ae67cdf922411ad8907b38d8ae43a3b Mon Sep 17 00:00:00 2001 From: Xiangzhuang Shen Date: Thu, 29 Aug 2024 22:22:07 +0800 Subject: [PATCH] add: security policy --- SECURITY.md | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..b6bcb1f --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,33 @@ +# Security Policy + + +## Reporting a Vulnerability + +We take the security of our project seriously. If you have discovered a security vulnerability, please follow these steps: + +1. **Do not** disclose the vulnerability publicly. +2. Send a detailed description of the vulnerability to [datahonor@gmail.com](mailto:datahonor@gmail.com). +3. Include steps to reproduce the issue, if possible. +4. Allow us some time to respond and address the issue before any public disclosure. + +We appreciate your effort to responsibly disclose your findings and will make every effort to acknowledge your contributions. + +## Security Update Process + +When we receive a security bug report, we will: + +1. Confirm the problem and determine the affected versions. +2. Audit code to find any potential similar problems. +3. Prepare fixes for all supported versions. +4. Release new security fix versions as soon as possible. + +## Best Practices + +To help ensure the security of this project: + +- Keep your local copy up-to-date with the latest security patches. +- Use strong and unique passwords for all accounts associated with the project. +- Enable two-factor authentication where available. +- Be cautious when using third-party dependencies and keep them updated. + +Thank you for helping keep our project and its users safe!
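Review bot: In the "Security Update Process" list, step 3 promises to "Prepare fixes for all supported versions", but nothing in SECURITY.md says which versions are supported. Add a Supported Versions section under "# Security Policy", or reword step 3, so reporters and users can tell whether their version will receive a fix. In "Reporting a Vulnerability", step 4 ("Allow us some time to respond") gives no acknowledgement window; stating one makes the embargo request in step 1 easier to honor. Reports also go by plain e-mail to a single personal address, so consider naming a backup contact and a way to send reproduction details encrypted.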