From 53d779311ed238d5867b84a2c726893e6b859e8f Mon Sep 17 00:00:00 2001 From: Yorji <261316343+Yorji-Porji@users.noreply.github.com> Date: Mon, 13 Apr 2026 12:49:33 -0400 Subject: [PATCH] Create SECURITY.md This PR introduces a standard SECURITY.md policy file to the repository. While reviewing the codebase, I noticed there wasn't a defined channel for the private, responsible disclosure of security vulnerabilities. Adding this policy helps protect the project by guiding researchers to report bugs privately rather than in public issues. I highly recommend merging this and enabling GitHub's "Private Vulnerability Reporting" feature in your repository settings. I currently have some security findings I would like to share with the maintainers securely once a private channel or contact method is established. --- SECURITY.md | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..72f7bc4 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,31 @@ +# Security Policy + +## Supported Versions + +Please check the table below for the supported versions that are currently receiving security updates. + +| Version | Supported | +| ------- | ------------------ | +| `main` / `develop` | :white_check_mark: | +| `< 1.0.0` | :x: | + +*(Note: Adjust the table above to reflect MemPalace's actual release cycle)* + +## Reporting a Vulnerability + +**Please do not report security vulnerabilities through public GitHub issues.** + +We take the security of MemPalace seriously. If you believe you have found a security vulnerability, please report it to us privately using one of the following methods: + +1. **GitHub Private Vulnerability Reporting:** Navigate to the "Security" tab in this repository, click on "Advisories," and select "Report a vulnerability." +2. **Direct Contact:** If private reporting is not enabled, please email the core maintainers directly at `[Insert Maintainer Email Here]`. + +### What to include in your report: +* A descriptive summary of the vulnerability. +* Detailed steps to reproduce the issue (including any proof-of-concept scripts or specific file paths). +* The potential impact and severity of the vulnerability. + +### What to expect: +* We aim to acknowledge receipt of your vulnerability report within 48 hours. +* We will triage the issue and keep you updated on our progress toward a patch. +* Once the vulnerability is resolved and an update is released, we will publish a security advisory and credit you for the discovery (if you wish to be credited).
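Review bot: item 2 under "Reporting a Vulnerability" still carries the template placeholder `[Insert Maintainer Email Here]`, so if merged as-is the policy advertises no working private channel for exactly the case it covers (GitHub private reporting not enabled); fill in a monitored address (for example a security@ alias) or drop item 2 and keep only the GitHub Private Vulnerability Reporting path, and enable that feature before merging, since the PR description says findings are waiting on such a channel. The same applies to the line `*(Note: Adjust the table above to reflect MemPalace's actual release cycle)*` under "Supported Versions": template instructions should not ship in the published policy, and the `main` / `develop` and `< 1.0.0` rows should be replaced with the project's real supported versions. Finally, "acknowledge receipt of your vulnerability report within 48 hours" is a public commitment; confirm the maintainers can meet it or soften the wording.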