docs: update security.md

caarlos0 · caarlos0 · commit 9c8b4610906e · 2025-09-09T13:53:44.000-03:00
Signed-off-by: Carlos Alexandro Becker &lt;caarlos0@users.noreply.github.com&gt;
diff --git a/SECURITY.md b/SECURITY.md
@@ -4,11 +4,27 @@
 
 Only the last stable version at any given point.
 
+## Response Timeline
+
+We aim to acknowledge vulnerability reports within 3 business days.
+Resolution or assessment is typically provided within 30 days.
+
+## Scope
+
+We address vulnerabilities that could compromise the confidentiality, integrity,
+or availability of GoReleaser or its users.
+
+## Credit
+
+We are happy to publicly acknowledge reporters in release notes, unless
+anonymity is requested.
+
 ## Reporting a Vulnerability
 
 Vulnerabilities can be disclosed in private using
-[GitHub advisories](https://github.com/goreleaser/goreleaser-pro/security).
+[GitHub advisories](https://github.com/goreleaser/goreleaser-pro/security/policy).
 
-For GoReleaser OSS, please see https://github.com/goreleaser/goreleaser/blob/main/SECURITY.md.
+For issues common with GoReleaser OSS, please refer to
+[this instead](https://github.com/goreleaser/goreleaser/security/policy).
 
 Thanks!
