
Modernize Security Policy (SECURITY.md) #1934

@Nitya-003

Description


The current SECURITY.md lacks clear visual hierarchy and a structured response protocol. To ensure the project meets professional standards and provides a clear "Responsible Disclosure" path for researchers, we need to update the security policy with a scannable, table-driven format.

Proposed Improvements

  1. Visual Support Table: Replace plain text with a Markdown table to clearly distinguish between supported and EOL (End of Life) versions.
  2. Reporting Protocol: Define a clear 3-step reporting process (Email → Investigation → Patch) to prevent public disclosure of 0-day vulnerabilities.
  3. Response Service Level Agreement (SLA): Add a commitment to acknowledge reports within 48 hours to build trust with security researchers.
  4. Security Best Practices Section: Add an "Important" callout box regarding dependency auditing and environment secret management.

Technical Implementation

  • Update SECURITY.md in the root directory with the following structure:
      ◦ Active Versions Table (using GitHub-flavored Markdown).
      ◦ Step-by-step reporting guide.
      ◦ Markdown Alert Block for critical security warnings.

Why this is needed

  • Trust: Professional security documentation is vital for projects handling user data or travel bookings.
  • Safety: Encourages private reporting via email instead of public GitHub issues, preventing active exploits.
  • Clarity: Makes it immediately obvious to users whether their current version is still receiving patches.

I would love to work on this issue and submit a PR.

Labels: documentation, SWOC'26, SWOC, Security
