Create SECURITY.md

SECURITY.md

@@ -0,0 +1,27 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 3.x.x   | :white_check_mark: |
+| 2.x.x   | :x:                |
+| 1.x.x   | :x:                |
+
+Please note that only the latest major version and the previous major version will receive security updates. Users are encouraged to upgrade to the latest supported version to ensure they are protected against known vulnerabilities.
+
+## Code Scanning with CodeQL
+
+We utilize CodeQL for static code analysis and security scanning in this project. To proactively identify and address security vulnerabilities, we regularly scan the codebase using CodeQL.
+
+## Reporting a Vulnerability
+
+To report a security vulnerability, follow these steps:
+
+1. **Create a GitHub Issue**: Go to the [Issues tab](https://github.com/RasmusBroborg/DotnetTimecode/issues) of this repository and create a new issue. Please prefix the issue title with "[Security]" for better visibility.
+
+2. **Provide Details**: In the issue description, provide as much detail as possible about the vulnerability. This should include information on how to reproduce the vulnerability and any potential impact.
+
+3. **Fix and Disclosure**: Once the security issue is confirmed and a fix is available, we will work on releasing a patch. We will keep you informed about the progress and expected release date.
+
+Thank you for helping to keep this project secure!