Create SECURITY.md

Of course, the security center of this repository should also be looked at, and review the document "Incident Protocol - Open Source Software @ Github".

Author: squell

SECURITY.md

@@ -0,0 +1,31 @@
+Security policy
+===============
+
+**Do not report security vulnerabilities through public GitHub issues.**
+Instead, you can report security vulnerabilities using [our security page].
+
+Please include as much of the following information as possible:
+
+ * Type of issue (e.g. buffer overflow, privilege escalation, etc.)
+ * The location of the affected source code (tag/branch/commit or direct URL)
+ * Any special configuration required to reproduce the issue
+ * If applicable, which platforms are affected
+ * Step-by-step instructions to reproduce the issue
+ * Impact of the issue, including how an attacker might exploit the issue
+
+## Preferred Languages
+
+We prefer to receive reports in English. If necessary, we also understand Dutch and Frisian.
+
+## Disclosure Policy
+
+We adhere to the principle of [coordinated vulnerability disclosure].
+
+Security Advisories
+===================
+Security advisories will be published on our [github advisories page] and
+possibly through other channels.
+
+[our security page]: https://github.com/memory-safety/zlib-rs/security
+[coordinated vulnerability disclosure]: https://vuls.cert.org/confluence/display/CVD/Executive+Summary
+[github advisories page]: https://github.com/memory-safety/zlib-rs/security/advisories