[SECURITY] Add security policy to repo #191 #192

Open
rishabhRsinghvi wants to merge 2 commits into gnosis:master from rishabhRsinghvi:master

@rishabhRsinghvi

Addition of SECURITY.md

Overview

This change introduces a SECURITY.md file to the repository. The goal is to provide a clear and structured security policy, making it easier for contributors and users to report any security vulnerabilities they might find. This addition addresses Issue #191 and leverages GitHub's new feature for security policies.

Rationale

Ensuring the security of our project is crucial. By adding a SECURITY.md file, we establish a straightforward process for reporting potential security issues. This not only helps us maintain a secure codebase but also shows our commitment to transparency and collaboration.

Details of the Security Policy

  1. Reporting a Vulnerability:

    • Contact Information: If you discover a vulnerability, please report it via email to security@gnosis.pm.
    • Required Information: When reporting, include detailed steps to reproduce the issue and any potential fixes you might have.
    • Response Time: Our security team commits to acknowledging receipt of the report within 7 days. We'll provide follow-up details on the fix and the expected release timeline.
  2. Supported Versions:

    • We outline which versions of the software are currently supported with security updates.
    • Supported Versions Table:
      • Version 1.x: Supported
      • Version 0.x: Not Supported
  3. Security Updates:

    • We follow best practices for security and will release updates as necessary.
    • Critical security updates will be released immediately to address urgent vulnerabilities.
  4. Further Information:

    • For more information on our security practices, please visit our Security Page.

Benefits

  • Enhanced Security: Provides a clear process for reporting vulnerabilities, which helps us quickly identify and fix security issues.
  • Transparency and Trust: Demonstrates our commitment to maintaining a secure project by openly communicating our security practices and response protocols.
  • Encourages Collaboration: Fosters a secure and collaborative environment by encouraging responsible disclosure from contributors.

Conclusion

Adding the SECURITY.md file is a proactive step towards strengthening the security framework of the Gnosis PM Contracts repository. By clearly outlining the process for reporting vulnerabilities, supported versions, and our update protocols, we aim to ensure a secure and collaborative environment for all contributors and users.
