Create SECURITY.md

Author: jonaslejon

SECURITY.md

@@ -0,0 +1,30 @@
+# Security Policy
+
+## Reporting Security Issues
+
+If you discover a security vulnerability or issue in this project, please contact us privately via email as soon as possible. Do not submit security vulnerabilities via public GitHub issues.
+
+We can't provide any money, swag, etc, for vulnerability reports.
+
+**Contact Information:**
+
+- Email: jonas.vulnerability@triop.se
+- Subject: Include "[Security Issue]" in the subject line
+
+When reporting vulnerabilities, please encrypt your message using our PGP key available here:
+[PGP Public Key](https://triop.se/public_key.txt)
+
+We treat your report with high priority and will respond as quickly as possible.
+
+## Responsible Disclosure
+
+Please follow these guidelines when reporting a security issue:
+
+1. Report vulnerabilities privately via email.
+2. Provide clear and detailed instructions on how to reproduce the issue.
+3. Allow us a reasonable amount of time to investigate and resolve the issue before disclosing it publicly.
+
+## Security Updates
+
+Security updates and information about resolved vulnerabilities will be published in the project's CHANGELOG and releases.
+