Add SECURITY.md

SECURITY.md

@@ -0,0 +1,47 @@
+# Security Policy
+
+## Supported Versions
+
+We release security fixes for the latest minor version. We encourage all users to stay on the latest release.
+
+| Version        | Supported          |
+|----------------|--------------------|
+| latest release | :white_check_mark: |
+| older releases | :x:                |
+
+## Reporting a Vulnerability
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+If you believe you have found a security vulnerability in any Sveltos repository, please report it responsibly by sending an email to:
+
+**support@projectsveltos.io**
+
+Please include as much of the following information as possible to help us understand and resolve the issue quickly:
+
+- A description of the vulnerability and its potential impact
+- The affected component(s) and version(s)
+- Step-by-step instructions to reproduce the issue
+- Any proof-of-concept or exploit code (if applicable)
+- Suggested remediation (if any)
+
+## Response Process
+
+- You will receive an acknowledgement within **2 business days**
+- We will investigate and keep you informed of our progress
+- Once the issue is confirmed, we will work on a fix and coordinate a release
+- We will publicly disclose the vulnerability after a fix is available, giving you credit unless you prefer to remain anonymous
+
+## Scope
+
+This policy covers all projects under the [projectsveltos](https://github.com/projectsveltos) GitHub organization.
+
+## Out of Scope
+
+- Vulnerabilities in dependencies (please report those to the upstream project)
+- Issues in non-production branches or unreleased code
+- Social engineering attacks
+
+## Thank You
+
+We appreciate responsible disclosure and the work of the security community in keeping Sveltos and its users safe.