Merge pull request redis#11 from valkey-io/add-security-policy

adding security policy

Author: aiven-sal

.github/wordlist.txt

@@ -158,3 +158,4 @@ valkey
 valkeymodules
 virtualenv
 www
+md

CONTRIBUTING.md

@@ -180,22 +180,10 @@ Please try at least versions of Docker.
 
 ## How to Report a Bug
 
-### Security Vulnerabilities
-
-**NOTE**: If you find a security vulnerability, do NOT open an issue.
-Email [Salvatore Mesoraca (<[email protected]>)](mailto:[email protected]) instead.
 
-In order to determine whether you are dealing with a security issue, ask
-yourself these two questions:
-
--   Can I access something that's not mine, or something I shouldn't
-    have access to?
--   Can I disable something for other people?
+### Security Vulnerabilities
 
-If the answer to either of those two questions are *yes*, then you're
-probably dealing with a security issue. Note that even if you answer
-*no*  to both questions, you may still be dealing with a security
-issue, so if you're unsure, just email [us](mailto:[email protected]).
+Reporting a vulnerability? See [SECURITY.md](https://github.com/valkey-io/valkey-py/blob/main/SECURITY.md).
 
 ### Everything Else
 

SECURITY.md

@@ -0,0 +1,7 @@
+## Reporting a Vulnerability
+
+If you believe you've discovered a security vulnerability, please contact the Valkey team at [email protected].
+Please *DO NOT* create an issue.
+We follow a responsible disclosure procedure, so depending on the severity of the issue we may notify Valkey vendors about the issue before releasing it publicly.
+If you would like to be added to our list of vendors, please reach out to the Valkey team at [email protected].
+