docs: add SECURITY.md with responsible disclosure policy

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: imran-siddique

SECURITY.md

@@ -1,143 +1,89 @@
 # Security Policy
 
+## About Agent OS
+
+**Agent OS** is part of the [Agent Governance Ecosystem](https://github.com/imran-siddique) — a suite of open-source projects for building, orchestrating, and governing autonomous AI agents in enterprise environments.
+
 ## Supported Versions
 
 | Version | Supported          |
 | ------- | ------------------ |
-| 0.x.x   | :white_check_mark: |
+| Latest  | :white_check_mark: |
+| < Latest | :x:               |
 
-Once Agent OS reaches 1.0, we will maintain security updates for the latest minor version.
+Only the latest release of Agent OS receives security updates. Users are strongly encouraged to stay up to date.
 
 ## Reporting a Vulnerability
 
-**Please do not report security vulnerabilities through public GitHub issues.**
-
-If you discover a security vulnerability in Agent OS, please report it responsibly:
-
-### 1. Email (Preferred)
-
-Send an email to: **security@agent-os.dev**
-
-Include:
-- Description of the vulnerability
-- Steps to reproduce
-- Potential impact
-- Any suggested fixes (optional)
-
-### 2. GitHub Security Advisories
-
-You can also report via [GitHub Security Advisories](https://github.com/imran-siddique/agent-os/security/advisories/new).
-
-### 3. Encrypted Communication
-
-For sensitive reports, you may encrypt your message using our PGP key:
-
-```
------BEGIN PGP PUBLIC KEY BLOCK-----
-[PGP key to be added]
------END PGP PUBLIC KEY BLOCK-----
-```
-
-Key fingerprint: `[To be added]`
-
-## Response Timeline
-
-| Stage | Timeline |
-|-------|----------|
-| Initial acknowledgment | Within 48 hours |
-| Initial assessment | Within 1 week |
-| Fix development | Varies by severity |
-| Public disclosure | Coordinated with reporter |
-
-## Severity Classification
-
-We use the following severity levels:
-
-| Severity | Description | Response Time |
-|----------|-------------|---------------|
-| **Critical** | Remote code execution, complete bypass of safety policies | 24-48 hours |
-| **High** | Partial bypass of safety policies, data exposure | 1 week |
-| **Medium** | Denial of service, information leakage | 2 weeks |
-| **Low** | Minor issues, hardening opportunities | Next release |
-
-## Security Model
-
-### What Agent OS Protects Against
-
-Agent OS provides **application-level policy enforcement**:
-
-- ✅ Deterministic policy checks on agent actions
-- ✅ SQL injection prevention (via policy rules)
-- ✅ File system access restrictions (configurable paths)
-- ✅ Rate limiting and resource controls
-- ✅ Action logging and audit trails (Flight Recorder)
-
-### What Agent OS Does NOT Protect Against
+If you discover a security vulnerability in Agent OS, please report it responsibly.
 
-Agent OS is middleware, not a security sandbox:
+**Email:** [security@imransiddique.com](mailto:security@imransiddique.com)
 
-- ❌ Memory corruption or process isolation (use containers)
-- ❌ Compromised LLM providers
-- ❌ Network-level attacks
-- ❌ Supply chain attacks on dependencies
+**Please include:**
 
-**For production deployments, we recommend:**
-- Running agents in isolated containers
-- Using network policies to restrict agent communication
-- Monitoring the Flight Recorder for anomalies
-- Regular dependency audits
+- A description of the vulnerability
+- Steps to reproduce the issue
+- Affected version(s)
+- Any potential impact assessment
 
-## Security Best Practices
+> **Do not open a public GitHub issue for security vulnerabilities.**
 
-### For Users
+## What to Expect
 
-1. **Keep Agent OS updated** - Always run the latest version
-2. **Use restrictive policies** - Start with minimal permissions, expand as needed
-3. **Enable Flight Recorder** - Log all agent actions for audit
-4. **Review policies regularly** - Ensure policies match current requirements
-5. **Run in containers** - Isolate agents for defense in depth
+| Step                        | Timeline     |
+| --------------------------- | ------------ |
+| Acknowledgment of report    | Within 48 hours |
+| Initial assessment          | Within 5 business days |
+| Fix development and testing | Within 30 days (critical), 90 days (non-critical) |
+| CVE assignment              | If applicable, coordinated with the reporter |
+| Public disclosure           | After fix is released, per responsible disclosure timeline |
 
-### For Contributors
+We will keep you informed throughout the process and credit reporters (unless anonymity is requested).
 
-1. **Sign commits** - Use `git commit -s` (DCO) and GPG signing
-2. **Review dependencies** - Check for known vulnerabilities before adding
-3. **Write secure code** - Follow OWASP guidelines
-4. **Add tests** - Include security-relevant test cases
-5. **Document security implications** - Note any security considerations in PRs
+## Responsible Disclosure Timeline
 
-## Dependency Management
+We follow a **90-day responsible disclosure policy**:
 
-We monitor dependencies for known vulnerabilities using:
-- GitHub Dependabot
-- Regular security audits
+1. Reporter submits vulnerability via the email above.
+2. We acknowledge receipt within **48 hours**.
+3. We work to develop and release a fix within **90 days**.
+4. Once the fix is released, the vulnerability may be publicly disclosed.
+5. If we are unable to fix the issue within 90 days, we will coordinate with the reporter on an appropriate disclosure timeline.
 
-## Disclosure Policy
+## Scope
 
-We follow coordinated disclosure:
+### In Scope
 
-1. Reporter notifies us privately
-2. We confirm and assess the vulnerability
-3. We develop and test a fix
-4. We coordinate disclosure timing with the reporter
-5. Fix is released with security advisory
-6. Credit is given to the reporter (unless they prefer anonymity)
+- Source code of Agent OS
+- Third-party dependencies used by Agent OS
+- Configuration files and deployment templates
+- CI/CD pipeline configurations
+- Documentation that could lead to insecure usage
 
-## Security Advisories
+### Out of Scope
 
-Published security advisories are available at:
-[github.com/imran-siddique/agent-os/security/advisories](https://github.com/imran-siddique/agent-os/security/advisories)
+- Social engineering attacks against maintainers or users
+- Denial of Service (DoS/DDoS) attacks
+- Attacks requiring physical access
+- Issues in third-party services not controlled by this project
+- Vulnerabilities already reported and being addressed
 
-## Hall of Fame
+## Security Best Practices for Users
 
-We recognize security researchers who responsibly disclose vulnerabilities:
+- **Keep dependencies updated:** Regularly run dependency audits and update to the latest versions.
+- **Use environment variables for secrets:** Never hardcode credentials, API keys, or tokens in configuration files.
+- **Enable access controls:** Follow the principle of least privilege when configuring agent permissions.
+- **Review configurations:** Audit your deployment configurations against the provided security guidelines.
+- **Monitor for advisories:** Watch this repository for security advisories and release notes.
+- **Use signed commits:** Enable GPG or SSH commit signing to ensure code integrity.
+- **Run in isolated environments:** Use containers or sandboxed environments for agent workloads.
 
-*No submissions yet - be the first!*
+## Agent Governance Ecosystem
 
-## Contact
+Agent OS is part of the broader **Agent Governance Ecosystem**, which provides a unified framework for secure, observable, and compliant AI agent operations. Security policies are coordinated across all ecosystem projects to ensure consistent protection.
 
-- Security issues: security@agent-os.dev
-- General questions: [GitHub Discussions](https://github.com/imran-siddique/agent-os/discussions)
+For ecosystem-wide security concerns, please contact [security@imransiddique.com](mailto:security@imransiddique.com).
 
 ---
 
-*Last updated: February 2026*
+Thank you for helping keep Agent OS and the Agent Governance Ecosystem safe for everyone.