Create SECURITY.md

skadefro · web-flow · commit bdd9d2578920 · 2025-05-19T13:04:43.000+02:00
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,30 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you discover any security issues, please let us know by one of the following methods:
+
+- **GitHub Private Security Advisories**  
+  Submit a private advisory on this repository.
+- **Email**  
+  Send an email to security@openiap.io
+
+We aim to respond to all valid reports within **48 hours**.
+
+## Supported Versions
+
+We actively provide security fixes for the **two latest major releases**. If you’re running an older version, please upgrade to continue receiving important updates.
+
+## Security Updates
+
+- **GitHub Security Advisories**  
+  Subscribe to be notified of any published advisories.  
+- **Dependabot & Automated Scans**  
+  We use Dependabot and GitHub’s code-scanning tools to catch vulnerabilities early.
+
+## Disclosure & Bounty
+
+- Public disclosure is encouraged once a fix is available.  
+- We do **not** currently run a paid bug-bounty program.
+
+Thank you for helping us keep the project secure!
