add SECURITY.md

tomasvotava · web-flow · commit a580a684e5a8 · 2023-09-30T08:18:07.000+02:00
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,33 @@
+# Security Policy
+
+## Overview
+Security is of paramount importance to this project, especially since it deals with login functionalities.
+That being said, an oopsie may happen and it is crucial for me to be informed promptly. This document provides an overview of the supported
+versions and instructions on reporting any security-related issues or vulnerabilities you might discover.
+
+## Supported Versions
+`fastapi-sso` is still in its developmental phases, and we haven't rolled out a 1.0.0 release yet. Currently, I am offering support for all releases `0.7.0` and newer.
+
+| Version    | Supported          |
+| -----------| ------------------ |
+| >= 0.7.0   | :white_check_mark: |
+
+## Reporting a Vulnerability
+Addressing security issues can be time-consuming, but rest assured, I take them very seriously and endeavor to resolve them as swiftly as possible. If you identify a security vulnerability in `fastapi-sso`, I urge you to notify me.
+
+### Steps to Report a Vulnerability:
+1. Create a new issue in our [Issue Tracker](https://github.com/tomasvotava/fastapi-sso/issues).
+2. Assign the `security` label to the issue.
+3. Furnish a detailed description of the issue, specifying where the vulnerability occurs, the steps to reproduce it, and its potential impacts.
+
+### What to Expect
+I will acknowledge the receipt of your vulnerability report and keep you posted on the progress regularly.
+
+### Disclosure Policy
+In the realm of coding etiquette, it is generally frowned upon to publicly disclose issues without prior communication with me.
+Therefore, I ask you to discuss any grievances or concerns about `fastapi-sso` with me before publicizing them.
+
+In other words, if there's something concerning `fastapi-sso` you'd like to bitch about, let me know and we'll bitch about it together.
+
+## Thank You
+Raising an issue is a significant contribution, and I always appreciate discovering that people are using `fastapi-sso`. I am thankful for any insights or feedback provided.
