Create SECURITY.md

Author: ModusOperandom

SECURITY.md

@@ -0,0 +1,28 @@
+# Mergington High School Security Policy
+
+## Reporting a Vulnerability
+
+At Mergington High, we take the security of our Extra-Curricular Activities website seriously, especially
+since it contains student information. If you discover a security vulnerability, please follow these steps:
+
+1. **Do not** create an issue on this repository, disclose the vulnerability publicly, or discuss it with other teachers/students.
+1. In the top navigation of this repository, click the **Security** tab.
+1. In the top right, click the **Report a vulnerability** button.
+1. Fill out the provided form. It will request information like:
+   - A description of the vulnerability
+   - Steps to reproduce the issue
+   - Potential impact on student data or website functionality
+   - Suggested fix (if you have one)
+1. Email the IT Club faculty advisor at [email protected] and inform them you have made a report. **Do not** include any vulnerability details.
+
+## Response Timeline
+
+- We will acknowledge receipt of your report within 2 school days
+- We will provide an initial assessment within 5 school days
+- Critical issues affecting student data will be addressed immediately
+- We will create a private fork to solve the issue and invite you as a collaborator so you can see our progress and contribute.
+
+## Thank You
+
+Your help in keeping our school's digital resources secure is greatly appreciated!
+Responsible disclosure of security vulnerabilities helps protect our entire school community.