Add SECURITY.md (#300)

* Add SECURITY.md

* Update README.md

* Update SECURITY.md

* Update SECURITY.md

Author: aumetra

README.md

@@ -76,6 +76,10 @@ We successfully federated with Mastodon on the following functionality:
 Contributions are very welcome. However, if you intend to change anything more than updating a dependency or fixing a small bug, please open an issue first.
 We would like to discuss any bigger changes before they are actually implemented.
 
+### Security
+
+If you found a suspected security vulnerability, please refer to our [security policy](./SECURITY.md) for more details.
+
 ### Note on required libraries
 
 We use [Nix](https://nixos.org) for handling our development dependencies.

SECURITY.md

@@ -0,0 +1,18 @@
+# Security policy
+
+> **Warning**
+> At this time, Kitsune is in early stages of development. We don't recommend setting up an instance yet.
+
+## Reporting a vulnerability
+
+> Please **DO NOT** report security vulnerabilities via the public issue tracker
+
+To report a vulnerability, please navigate to the [Advisories page](https://github.com/kitsune-soc/kitsune/security/advisories) and click on "Report a vulnerability".  
+You will then be taken to a form where you can file the report.
+
+Please include as much information as possible in your report:
+
+- The git revision you are running
+- The operating system Kitsune is running on
+- Any backtraces (if applicable)
+- Reproduction steps