From 780079d29998119c7ddc47d30435b834b953b016 Mon Sep 17 00:00:00 2001 From: raulsagrado <119356996+raulsagrado@users.noreply.github.com> Date: Tue, 17 Feb 2026 22:21:05 -0400 Subject: [PATCH] Create SECURITY.md --- SECURITY.md | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..9bc868d --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,36 @@ +# Security Policy + +## Reporting a Vulnerability + +If you discover a security issue, please report it **privately**. + +Email: rrosado6@gatech.edu +Subject: SECURITY: + +Include: +- Description of the issue and impact +- Steps to reproduce (POC if available) +- Affected components +- Screenshots or logs (if helpful) + +Do not open public issues for security vulnerabilities. + +## Response Timeline + +- Acknowledgement within 2 business days +- Triage and severity assessment within 5 business days +- Fix or mitigation as soon as practical based on severity + +## Responsible Disclosure + +We support responsible security research conducted in good faith. +Please avoid service disruption, data exfiltration beyond proof-of-concept, or privacy violations. + +Public disclosure should occur only after a fix or mitigation is available. + +## Security Expectations + +- Enforce server-side authorization (RBAC) +- Protect sensitive data in transit (TLS) +- Log and audit critical actions +- Review code before merging
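Review bot: the `Subject: SECURITY:` line under "Reporting a Vulnerability" leaves reporters with nothing after the colon and no placeholder to fill in, and the section offers only a bare email address with no encryption key or alternative private channel, so a report that includes a PoC would travel in plaintext. Consider `Subject: SECURITY: <short description>` and adding either a PGP key (or fingerprint) or a pointer to the repository's private vulnerability reporting form next to the address. The "Security Expectations" list at the end reads as contributor guidelines rather than reporting policy; naming whom those four bullets apply to (maintainers, contributors, deployers) or moving them to CONTRIBUTING.md would keep SECURITY.md focused on what a reporter needs. A short "Supported Versions" or scope statement would also tell researchers which branches or components actually receive fixes under the stated "Response Timeline".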