Create SECURITY.md

SECURITY.md

@@ -0,0 +1,34 @@
+
+# Security Policy
+
+ODE-toolbox is research-oriented software and as such is expected to
+run mainly in well-protected environments. In case it is found that this
+software can be used to violate security mechanisms, developers will try to
+provide patches that mitigate the risk of this misuse.
+
+The current policy is explained in SECURITY.md in the ODE-toolbox
+main branch. The policy can also be found at
+<https://github.com/nest/ode-toolbox/security/policy>.
+
+## Supported Versions
+
+Generally only the latest release will receive security related
+updates. Currently the following versions are being supported with security
+updates:
+
+| Version  | Supported              |
+| -------- | ---------------------- |
+| main     | yes :heavy_check_mark: |
+
+## Reporting a Vulnerability
+
+For reporting a vulnerability please create a security advisory on the
+nest/ode-toolbox [Security
+Advisories](https://github.com/nest/ode-toolbox/security/advisories)
+page.  You need a GitHub account to create an advisory.
+
+Developers will then contact the reporter in a timely manner to assess
+severity and further handling via [Security
+Advisories](https://github.com/nest/ode-toolbox/security/advisories)
+or as normal [Issue](https://github.com/nest/ode-toolbox/issues) in
+non-critical cases.