#86 re-add SECURITY.md file

SECURITY.md

@@ -0,0 +1,31 @@
+# Security Policy
+
+## Reporting a Vulnerability
+Please use the <a href="https://cveform.mitre.org/" target="_blank">CVE Program web forms</a> to report security vulnerabilities for the 
+<a href="https://www.cve.org" target="_blank">CVE website</a>. Please include vulnerability details, steps to reproduce (e.g., proof-of-concept code, 
+screenshots) and an assessment of the impact in your report. We appreciate concise and high-quality reports.
+
+## Web Form Submissions
+
+* In the “Select a request type” drop down menu, please select “Other”
+* Enter your email address in the space provided
+* You may enter a PGP key if you prefer to encrypt your correspondence
+* In the “Type of comment” drop down menu, please select “Issue”
+* In the textbox labeled “Please provide your question, issue, comment, etc.” please start the message with the following information: 
+  - First Line: “CVE Website Security Anomaly Report”
+  - Second Line: “Distribution: CVE Website Development Team”
+  - Third Line: "Description: [Free Text description of the anomaly]”
+* Enter the Security code
+* Click “Submit Request”
+
+## Scope
+
+The <a href="https://www.cve.org" target="_blank">CVE website</a> and <a href="https://github.com/CVEProject/cve-website">CVE Website repository on 
+GitHub</a> are in scope for reporting vulnerabilities.
+
+## Fixes
+We will release fixes for verified security vulnerabilities. We expect to publish vulnerabilities using GitHub 
+<a href="https://github.com/CVEProject/cve-website/security/advisories" target="_blank">security advisories</a>.
+
+## Coordination
+We appreciate the opportunity to investigate and develop fixes before public disclosure, following coordinated vulnerability disclosure practices.