Create SECURITY.md

atef-ataya · web-flow · commit 4535aabbb4fc · 2025-07-19T11:48:47.000+04:00
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,28 @@
+# Security Policy
+
+## Supported Versions
+| Version | Supported |
+|---------|-----------|
+| main    | ✔️ |
+| <next-release> | ✔️ |
+| <older-releases> | ❌ |
+
+Only the versions listed with a ✔️ receive security updates.
+
+## Reporting a Vulnerability
+If you believe you have found a security vulnerability in **<PROJECT NAME>**, please **DO NOT** open a public issue.  
+Instead, email us at **security@atefataya.com** with the following details:
+
+1. **Description** – A clear, concise description of the vulnerability.  
+2. **Reproduction Steps** – Step-by-step instructions or a proof-of-concept.  
+3. **Impact** – What is affected and potential severity.  
+4. **Proposed Fix (optional)** – Any ideas you have for remediation.
+
+We aim to acknowledge your report within **24 hours** and provide a status update within **72 hours**. After a fix is prepared and deployed, we will credit you (unless you request anonymity) in the release notes.
+
+## Disclosure Policy
+* We follow a **90-day responsible disclosure window** by default.  
+* Earlier public disclosure may be coordinated if the vulnerability is being exploited in the wild.  
+* Please test only against your own instances; never run intrusive security tools against production servers without permission.
+
+Thank you for helping keep the community safe! 🙏
