Create SECURITY.md

- added basic supported version matrix
- added email contact for vulnerability disclosure

Author: fuzzblob

SECURITY.md

@@ -0,0 +1,16 @@
+# Security Policy
+
+## Supported Versions
+
+The following table should clarify which versions are currently supported:
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 0.2.x   | :white_check_mark: |
+| < 0.2.3 | :x:                |
+
+## Reporting a Vulnerability
+
+To report a security issue, please [email the administrator](mailto:[email protected]) with a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue.
+
+Our "vulnerability management team" will respond within 14 working days of your email. If the issue is confirmed as a vulnerability, we will open a Security Advisory. This project follows a 90 day disclosure timeline.