Add Security Policy

Signed-off-by: Milton Moura <[email protected]>

SECURITY.md

@@ -0,0 +1,26 @@
+# Security Policy
+
+Nordeck establishes a clear process for reporting and addressing security vulnerabilities in our supported products and systems. It fosters collaboration with researchers and stakeholders, ensuring issues are resolved promptly to protect our users and strengthen trust in our organization.
+
+## Supported Versions
+
+| Package                              | Version | Supported          |
+| ------------------------------------ | ------- | ------------------ |
+| @matrix-widget-toolkit/api           | >= 4.x  | :white_check_mark: |
+| @matrix-widget-toolkit/mui           | >= 2.x  | :white_check_mark: |
+| @matrix-widget-toolkit/react         | >= 2.x  | :white_check_mark: |
+| @matrix-widget-toolkit/testing       | >= 3.x  | :white_check_mark: |
+| @matrix-widget-toolkit/widget-server | >= 1.x  | :white_check_mark: |
+
+## Reporting a Vulnerability
+
+If you have discovered a security issue with our products, please submit a report to [email protected], with the following information:
+
+- Your contact email address
+- The vulnerability description
+- The steps to reproduce it and a proof of concept
+- The assumed impact and recommended fix
+
+Nordeck does not provide compensation in exchange for information pertaining to security vulnerabilities under this policy. We may choose not to pursue, contact, or otherwise interact with reporters who decline to identify themselves when making the report. We will deal in good faith with reporting parties who comply with these guidelines. We may choose to disregard submissions by parties who submit a high volume of low-quality reports.
+
+For more detailed information, please read Nordeck's full [Vulnerability Disclosure Policy](https://github.com/nordeck/.github/blob/main/SECURITY.md).