docs(SECURITY): add vulnerability reporting details

sanjayaksaxena · sanjayaksaxena · commit 20c5e091a0c4 · 2022-05-09T13:40:03.000+05:30
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,26 @@
+# Security
+
+Security of all [WinkJS](https://github.com/winkjs) packages, including [winkNLP](https://github.com/winkjs/wink-nlp) is important to us.
+
+
+
+## Supported Versions
+
+Only the latest version of [winkNLP](https://github.com/winkjs/wink-nlp) is supported. This version can be installed and/or downloaded from [NPM](https://www.npmjs.com/package/wink-nlp) or from the [latest GitHub release](https://github.com/winkjs/wink-nlp/releases/latest).
+
+## Reporting a Vulnerability
+
+We would appreciate [responsible disclosure](https://en.wikipedia.org/wiki/Responsible_disclosure). If you would like to report a vulnerability, the preferred way to do so is [contacting us directly](mailto:wink@graype.in). Please do not report security vulnerabilities through public GitHub issues.
+
+Please include the following minimum information to help us understand and analyze the potential issue:
+
+ 1. Type of issue for example buffer overflow or privilege escalation.
+ 2. Full path(s) of source file(s) related to the issue including the affected source code’s tag or commit SHA.
+ 3. Step-by-step instructions on how to reproduce the issue, including the sample exploit code
+ 4. Impact of the issue.
+
+
+When you are investigating and reporting the vulnerability you must never:
+1. break any law,
+3. tell others about the vulnerability you have found until we have disclosed it, and/or
+4. demand money to disclose a vulnerability.
