doc: add security document

rjzak · rjzak · commit 788a2e7d5788 · 2023-12-25T11:15:26.000-05:00
Signed-off-by: Richard Zak &lt;richard.j.zak@gmail.com&gt;
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,10 @@
+## MalwareDB Security & Vulnerability Disclosure Process
+
+If any vulnerability or security issue is discovered in MalwareDB (or any repository under the [MalwareDB](https://github.com/malwaredb/) organization, please inform the maintainer via email at richard.j.zak *at* gmail.com. If you wish to communicate via GPG, send an email requesting a GPG public key, or send an email to rjzak *at* protonmail.ch.
+
+Please include:
+* The steps needed to reproduce the vulnerability;
+* The vulnerable version(s), preferably with Git hash (`git log -1`);
+* and any additional files to reproduce the vulnerability.
+
+Upon receipt, the maintainer will review, respond, and fix the vulnerability in a timely manner.
