Create SECURITY.md (#162)

- add SECURITY.md

Author: minikin

SECURITY.md

@@ -0,0 +1,17 @@
+# Security
+
+## Reporting a Vulnerability
+
+Please report (suspected) security vulnerabilities to [email protected]. You will receive a
+response from us within 48 hours. If the issue is confirmed, we will release a patch as soon
+as possible.
+
+Please provide a clear and concise description of the vulnerability, including:
+
+* the affected version(s),
+* steps that can be followed to exercise the vulnerability,
+* any workarounds or mitigations.
+
+If you have developed any code or utilities that can help demonstrate the suspected
+vulnerability, please mention them in your email but ***DO NOT*** attempt to include them as
+attachments as this may cause your Email to be blocked by spam filters.