Improve: SECURITY.md for clarity and detail + Adding PVE9 as supported (#7690)

Author: MickLesk

SECURITY.md

@@ -1,24 +1,64 @@
+# Security Policy
+
 ## Supported Versions
-This project currently supports the following versions of Proxmox VE:
+
+This project currently supports the following versions of Proxmox VE (PVE):
 
 | Version | Supported          |
 | ------- | ------------------ |
+| 9.0.x   | :white_check_mark: |
 | 8.4.x   | :white_check_mark: |
 | 8.3.x   | :white_check_mark: |
 | 8.2.x   | :white_check_mark: |
 | 8.1.x   | :white_check_mark: |
-| 8.0.x   | Limited support* ❕| 
+| 8.0.x   | Limited support* ❕ |
 | < 8.0   | :x:                |
 
-*Version 8.0.x has limited support. Security updates may not be provided for all issues in this version.
+*Version 8.0.x has limited support. Security updates may not be provided for all issues affecting this version.
+
+---
 
 ## Reporting a Vulnerability
 
-Security vulnerabilities shouldn’t be reported publicly to prevent potential exploitation. Instead, please report any vulnerabilities privately by reaching out directly to us. You can either join our [Discord server](https://discord.gg/jsYVk5JBxq) and send a direct message to a maintainer or contact us via email at [email protected]. Be sure to include a detailed description of the vulnerability and the steps to reproduce it. Thank you for helping us keep our project secure!
+Security vulnerabilities must not be reported publicly to avoid potential exploitation.  
+Instead, please report them privately via one of the following channels:
+
+- **Discord**: Join our [Discord server](https://discord.gg/jsYVk5JBxq) and send a direct message to a maintainer.  
+- **Email**: Write to us at **[email protected]** with the subject line:  
+  `Vulnerability Report - <Project/Script Name>`.
+
+When reporting a vulnerability, please provide:
+
+- A clear description of the issue  
+- Steps to reproduce the vulnerability  
+- Affected versions or environments  
+- (Optional) Suggested fixes or workarounds  
+
+---
+
+## Response Process
+
+1. **Acknowledgment**  
+   - We will review and acknowledge your report within **7 business days**.
+
+2. **Assessment**  
+   - The maintainers will verify the issue and classify its severity.  
+   - Depending on impact, a patch may be released immediately or scheduled for the next update.
+
+3. **Resolution**  
+   - Critical security fixes will be prioritized.  
+   - Non-critical issues may be deferred or declined with an explanation.
+
+---
 
-Once a vulnerability has been reported, the project maintainers will review it and acknowledge the report within 7 business days. We will then work to address the vulnerability and provide a fix as soon as possible. Depending on the severity of the issue, a patch may be released immediately or included in the next scheduled update.
+## Disclaimer
 
-Please note that not all reported vulnerabilities may be accepted. The project maintainers reserve the right to decline a vulnerability report if it is deemed to be a low-risk issue or if it conflicts with the project's design or architecture. In such cases, we will provide an explanation for the decision.
+Not all reported issues will be treated as vulnerabilities.  
+Reports may be declined if they are deemed:  
+- Low-risk  
+- Out of project scope  
+- Conflicting with intended design or architecture  
 
-If you have any questions or concerns about this security policy, please don't hesitate to contact the project maintainers.
+---
 
+If you have any questions or concerns about this security policy, please reach out to the maintainers through the contact options above.