docs(security): add Security Policy

Co-authored-by: Anton Sapozhnikov <[email protected]>
Co-authored-by: Patrik Nordlén <[email protected]>
Co-authored-by: Samuel Kelemen <[email protected]>

SECURITY.md

@@ -0,0 +1,41 @@
+# Security Policy
+
+Einride welcomes feedback from security researchers and the general public to
+help improve our security. If you believe you have discovered a vulnerability,
+privacy issue, exposed data, or other security issues in relation to this
+project, we want to hear from you. This policy outlines steps for reporting
+security issues to us, what we expect, and what you can expect from us.
+
+## Supported versions
+
+We release patches for security issues according to semantic versioning. This
+project is currently unstable (v0.x) and only the latest version will receive
+security patches.
+
+## Reporting a vulnerability
+
+Please do not report security vulnerabilities through public issues,
+discussions, or change requests.
+
+Please report security issues via [[email protected]][email]. Provide
+all relevant information, including steps to reproduce the issue, any affected
+versions, and known mitigations. The more details you provide, the easier it
+will be for us to triage and fix the issue. You will receive a response from us
+within 2 business days. If the issue is confirmed, a patch will be released as
+soon as possible.
+
+For more information, or security issues not relating to open source code,
+please consult our [Vulnerability Disclosure Policy][vdp].
+
+## Preferred languages
+
+English is our preferred language of communication.
+
+## Contributions and recognition
+
+We appreciate every contribution and will do our best to publicly
+[acknowledge][acknowledgments] your contributions.
+
+[acknowledgments]: https://einride.tech/security-acknowledgments.txt
+[email]: mailto:[email protected]
+[vdp]: https://www.einride.tech/vulnerability-disclosure-policy