docs: add security policy

NickDJM · NickDJM · commit 9964d4f07026 · 2022-02-17T16:02:25.000-05:00
diff --git a/.github/SECURITY.md b/.github/SECURITY.md
@@ -0,0 +1,19 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported |
+| ------- | --------- |
+| 1.x     | ✔         |
+
+## Reporting a Vulnerability
+
+If you discover a vulnerability within this project, please [open an issue](https://github.com/coldfrontlabs/eslint-plugin-drupal-contrib/issues/new) and label it with the `security` tag. The issue board is checked at least 2-3 times a week, so you should expect a response to your issue within a few days.
+
+If a PR is submitted along with the issue to resolve the vulnerability, you can expect it to be reviewed within the same time frame as issue responses. If a PR is not submitted, the time it takes to develop a fix will differ depending on the severity of the vulnerability.
+
+## Vulnerabilities in dependencies
+
+Vulnerabilities to dependencies will be updated as soon as a fix is available and an update will be pushed out.
+
+Any vulnerable _dev_ dependencies will be updated when/if possible- though a new release of eslint-plugin-drupal-contrib may not be pushed out right away.
