chore(security): add SECURITY.md for vulnerability reporting

sebastianjnuwu · web-flow · commit 892b8bbd3439 · 2024-12-22T13:57:05.000-03:00
Added a SECURITY.md file to provide guidelines for reporting security vulnerabilities.
It includes contact information, the process for handling reports, and security best practices.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,33 @@
+# Security
+
+This document provides guidelines on how to report security vulnerabilities in the project.
+
+## Reporting Vulnerabilities
+
+If you discover a security vulnerability, please follow the guidelines below to report it securely and responsibly:
+
+1. **Do not open public issues**: Please do not submit public issues or pull requests containing details of the vulnerability. This could allow others to exploit the issue before it's fixed.
+   
+2. **Contact**: Send an email to **sebastianjnuwu@gmail.com** or open a private ticket in the repository to report the issue. Please provide as many details as possible, including:
+   - Description of the vulnerability
+   - Steps to reproduce it
+   - Potential impact
+   - Any code or examples of how the vulnerability can be exploited
+
+3. **Acknowledgment**: All security reports will be handled with the utmost seriousness, and you will be publicly credited if the issue is resolved.
+
+## Handling Reports
+
+When we receive a security report, we follow this process:
+
+1. We confirm receipt of the report within 48 hours.
+2. We analyze and prioritize the vulnerability.
+3. We work on fixing the issue promptly.
+4. We inform the reporter when a fix is ready.
+
+## References
+
+- [GitHub Security Guidelines](https://docs.github.com/en/github/managing-security-vulnerabilities/creating-a-security-policy)
+- [OWASP Top Ten](https://owasp.org/www-project-top-ten/)
+
+Thank you for helping keep this project secure!
