Create SECURITY.md

Author: VannySothea

SECURITY.md

@@ -0,0 +1,32 @@
+# Security Policy for fastapi-user-authentication
+
+## Reporting a Vulnerability
+
+We take security seriously and are committed to maintaining the security of our project. If you discover a security vulnerability, please report it as soon as possible.
+
+### Steps to Report a Vulnerability
+
+1. **Email**: Send an email to [email protected] with the following information:
+   - A description of the vulnerability.
+   - Steps to reproduce the issue.
+   - Any relevant logs or screenshots.
+
+2. **Do Not Share Publicly**: Please do not disclose the vulnerability publicly until it has been addressed. This helps us protect our users and the integrity of the project.
+
+3. **Response Time**: We will respond to your report as soon as possible and will keep you updated on the progress of the fix.
+
+## Secure Coding Practices
+
+To help maintain the security of this project, we encourage contributors to follow these best practices:
+
+- **Input Validation**: Always validate and sanitize user input to prevent injection attacks (e.g., SQL injection, XSS).
+- **Authentication**: Use strong authentication mechanisms, such as hashed passwords and secure tokens.
+- **Authorization**: Implement Role-Based Access Control (RBAC) to ensure users have appropriate permissions.
+- **Use HTTPS**: Always use HTTPS to encrypt data in transit and protect against man-in-the-middle attacks.
+- **Keep Dependencies Updated**: Regularly update dependencies and monitor for known vulnerabilities using tools like [Dependabot](https://dependabot.com/) or [Snyk](https://snyk.io/).
+
+## Security Updates
+
+We will provide security updates and patches as necessary. To stay informed about security-related updates, please watch the repository or check the [releases](https://github.com/VannySothea/fastapi-user-authentication/releases) page.
+
+Thank you for helping us keep our project secure!