🔒 add security file

SECURITY

@@ -0,0 +1,35 @@
+# Security
+
+## Reporting Potential Security Issues
+
+If you have encountered a potential security vulnerability in this project,
+please report it to us at discussion channel or <antoine@kams-art.com>. We will work with you to
+verify the vulnerability and patch it.
+
+When reporting issues, please provide the following information:
+
+- Component(s) affected
+- A description indicating how to reproduce the issue
+- A summary of the security vulnerability and impact
+
+We request that you contact us via the email address above and give the
+project contributors a chance to resolve the vulnerability and issue a new
+release prior to any public exposure; this helps protect the project's
+users, and provides them with a chance to upgrade and/or update in order to
+protect their applications.
+
+## Policy
+
+If we verify a reported security vulnerability, our policy is:
+
+- We will patch the current release branch, as well as the immediate prior minor
+  release branch.
+
+- After patching the release branches, we will immediately issue new security
+  fix releases for each patched release branch.
+
+- A security advisory will be released on the project website detailing the
+  vulnerability, as well as recommendations for end-users to protect themselves.
+  Security advisories will be listed at https://getlaminas.org/security/advisories,
+  as well as via a [feed](https://getlaminas.org/security/feed) (which is also
+  present in the website head for easy feed discovery).