Merge pull request #8111 from processing/ksen0-patch-2

Revise security policy and reporting guidelines

Author: ksen0

SECURITY.md

@@ -0,0 +1,19 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+Please report security vulnerabilities by emailing: [email protected]
+
+## What to Expect
+- We will acknowledge your email within 72 hours
+- We will provide regular updates about our progress
+- Once the issue is confirmed and fixed, we may ask you to verify the solution
+
+## Disclosure Policy
+- Please do not disclose the vulnerability publicly until we have had a chance to address it
+- We do not offer bounties as we are a non-profit organization
+- We appreciate your efforts to responsibly disclose your findings
+
+## Scope
+
+You can use the above email to report vulnerabilities in p5.js and related repositories managed by the processing org, including the reference website.