Create SECURITY.md for vulnerability reporting

dreamer-coding · web-flow · commit 8fa1a3c6925c · 2025-09-13T19:49:41.000-06:00
Added a security policy outlining vulnerability reporting and disclosure procedures.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,19 @@
+# Security Policy
+
+I take security seriously at Fossil Logic.
+
+## Reporting a Vulnerability
+
+If you find a potential vulnerability:
+
+1. **Do not disclose details publicly.**
+2. Open a [🔒 Security Issue](https://github.com/fossillogic/fossil-test/issues/new?template=security.md) and provide a high-level summary.
+3. Optionally include your contact information so maintainers can follow up privately.
+
+Maintainers will respond as soon as possible to gather details safely and coordinate a fix.
+
+## Disclosure Policy
+
+We ask researchers and users to:
+- Give us time to investigate and patch before sharing details publicly.
+- Work with us in good faith to ensure users are not put at risk.
