Create SECURITY.md

SECURITY.md

@@ -0,0 +1,46 @@
+# Security Policy
+
+## Supported Versions
+
+We currently support the following versions of Melodica for security updates:
+
+| Version | Supported          |
+| ------- | ------------------ |
+| latest  | ✅                 |
+| older versions | ❌         |
+
+Please make sure to update to the latest version to benefit from the latest security patches and updates.
+
+## Reporting a Vulnerability
+
+We take security vulnerabilities seriously. If you discover a security issue within Melodica, please follow these steps to report it responsibly:
+
+1. **Do not open a public issue**. Reporting vulnerabilities publicly can lead to misuse of the information.
+2. Instead, please email the maintainer(s) at:
+   ```
+   [email protected]
+   ```
+3. In your email, include:
+   - A description of the vulnerability.
+   - Detailed steps to reproduce the issue, if applicable.
+   - Any potential impact you believe the vulnerability may have on the project.
+
+### Response Process
+
+Upon receiving a report, we will:
+
+1. Acknowledge receipt of your vulnerability report.
+2. Begin the process of validating and reproducing the issue.
+3. Work on a fix, keeping you updated throughout the process.
+4. Release a patch to address the vulnerability.
+5. Publicly acknowledge and thank the reporter (if desired) once the vulnerability is resolved.
+
+### Security Updates
+
+We will periodically update Melodica with security patches, and encourage users to stay on the latest release for optimal security. Major vulnerabilities and their fixes will be documented in our release notes.
+
+## Responsible Disclosure
+
+We kindly request that reporters follow responsible disclosure practices, giving us the opportunity to address and patch vulnerabilities before sharing details publicly. 
+
+Thank you for helping us keep Melodica secure for everyone!