Create SECURITY.md

SECURITY.md

@@ -0,0 +1,36 @@
+# Security Policy
+
+## Supported Versions
+
+Use this section to tell people about which versions of your project are
+currently being supported with security updates.
+
+| Version | Support security updates |
+| ------- | ------------------------ |
+| 3.x     | :white_check_mark:       |
+| < 3.0   | :x:                      |
+
+## Reporting a Vulnerability
+
+If there are any vulnerabilities in {{cookiecutter.project_name}}, don't hesitate to report them.
+
+    1. Use any of the private contact addresses: contact@nicolargo.com
+
+    2. Describe the vulnerability.
+
+      * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
+      * Full paths of source file(s) related to the manifestation of the issue
+      * The location of the affected source code (tag/branch/commit or direct URL)
+      * Any special configuration required to reproduce the issue
+      * Step-by-step instructions to reproduce the issue
+      * Proof-of-concept or exploit code (if possible)
+      * Impact of the issue, including how an attacker might exploit the issue
+
+    3. If you have a fix, that is most welcome -- please attach or summarize it in your message!
+
+    4. We will evaluate the vulnerability and, if necessary, release a fix or mitigating steps to address it. We will contact you to let you know the outcome, and will credit you in the report.
+
+    5. Please do not disclose the vulnerability publicly until a fix is released!
+
+Once we have either a) published a fix, or b) declined to address the vulnerability for whatever reason, you are free to publicly disclose it.
+