Add SECURITY file.

Author: pwood

SECURITY.md

@@ -0,0 +1,12 @@
+# Security Policy
+
+## Supported Versions
+
+We release patches for security vulnerabilities, consumers are expected to track the latest version of the library.
+
+## Reporting a Vulnerability
+
+For low risk security vulnerabilities CVSS 3.1 scores of < 5.0, you may log the issue via the GitHub tracker. Otherwise
+and for all other vulnerabilities, please report (suspected) security vulnerabilities to *[email protected]*.
+We are an open source volunteer project, we aim to respond to you within 72 hours.
+If the issue is confirmed, we will release a patch as soon as possible depending on complexity.