Create SECURITY.md

SECURITY.md

@@ -0,0 +1,42 @@
+# Security Policy
+
+## Supported Versions
+
+Use this section to tell people about which versions of your project are
+currently being supported with security updates.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 5.1.x   | :white_check_mark: |
+| 5.0.x   | :x:                |
+| 4.0.x   | :white_check_mark: |
+| < 4.0   | :x:                |
+
+## Reporting a Vulnerability
+
+Use this section to tell people how to report a vulnerability.
+
+Tell them where to go, how often they can expect to get an update on a
+reported vulnerability, what to expect if the vulnerability is accepted or
+declined, etc.
+
+# Security Policy
+
+## Supported Versions
+
+We currently support the code running on the "development" branch of this repository. We are not currently versioning this repo so please assume that any code currently on the master branch is code that we are actively supporting by our team. 
+
+In terms of plugin releases, we support the following versions:
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 2020.11   | :white_check_mark: |
+| 6.0.x (Pre-Release)  | :x:                |
+| < 2020.11  | :x:                |
+| < 5.x  | :x:                |
+
+## Reporting a Vulnerability
+
+If the report has minor security implications (ie we've added a super admin to a senior admins permission) please raise an post on [our forums](https://forum.totalfreedom.me/) in the first instance. If you do not have a forum account and do not wish to sign up, please e-mail us using the e-mail in the next sentence.
+
+For security vulnerabilities that are more severe and that may pose a more significant threat to the servers running this plugin, please e-mail os-security-reports [ AT ] atlas-media.co.uk - You can expect an automated response immediately to acknowledge receipt of your e-mail, and one of our team will aim to respond within 72 hours and will work with you on the best way to address your concerns.