Add SECURITY.md

security.md

@@ -0,0 +1,37 @@
+# Security
+
+At Corteza, the security of our products and services is important to us.
+All of our source code repositories are managed through GitHub organisations.
+Here is the list of [Corteza Repositories](https://github.com/orgs/cortezaproject/repositories)
+
+If you believe you have found a security vulnerability in any Corteza repository, please report it to us as described below.
+
+## Reporting Security Issues
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+Instead, please send email to [info@cortezaproject.org](mailto:info@cortezaproject.org).
+
+You should receive a response within 24 business hours. If for some reason you do not,
+please follow up via email to ensure we received your original message. 
+
+Please include the requested information listed below (as much as you can provide)
+to help us better understand the nature and scope of the possible issue:
+
+* Type of issue,
+* full paths of source file(s) related to the manifestation of the issue,
+* the location of the affected source code (tag/branch/commit or direct URL),
+* any special configuration required to reproduce the issue,
+* step-by-step instructions to reproduce the issue,
+* proof-of-concept or exploit code (if possible),
+* impact of the issue, including how an attacker might exploit the issue.
+
+This information will help us triage your report more quickly.
+
+## Preferred Languages
+
+We prefer all communications to be in English.
+
+## Policy
+
+[Corteza Privacy Policy](https://cortezaproject.org/privacy-policy/)