Create SECURITY.md

Author: romdalf

SECURITY.md

@@ -0,0 +1,33 @@
+# Security
+
+## Reporting Potential Security Issues
+
+If you have encountered a potential security vulnerability in this project,
+please **report it via the [Security and quality](https://github.com/NetApp/neoctl/security) and not via an GitHub issue**.  
+
+We will work with you to verify the vulnerability, build a patch, validate  
+the fix, and finally issue a public report. 
+
+When reporting issues, please provide the following information:
+- Component(s) affected
+- A description indicating how to reproduce the issue
+- A summary of the security vulnerability and impact
+
+We request that you contact us via the email address above and give the
+project contributors a chance to resolve the vulnerability and issue a new
+release prior to any public exposure; this helps protect the project's
+users, and provides them with a chance to upgrade and/or update in order to
+protect their applications.
+
+## Policy
+
+If we verify a reported security vulnerability, our policy is:
+
+- We will patch the current release branch, as well as the immediate prior minor
+  release branch.
+
+- After patching the release branches, we will immediately issue new security
+  fix releases for each patched release branch.
+
+- A security advisory will be released on the project GitHub repository detailing the
+  vulnerability, as well as recommendations for end-users to protect themselves.