Create SECURITY.md

SECURITY.md

@@ -0,0 +1,31 @@
+# Security Policy
+
+The MimeKit team takes the security of our software products and services seriously.
+
+If you believe you have found a security vulnerability in the MimeKit repository, please report it to us as described below.
+
+## Supported Versions
+
+Due to the fact that the MimeKit team is small (currently only myself), I can
+only support security fixes for the latest version.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 4.x     | :white_check_mark: |
+| < 4.0   | :x:                |
+
+## Reporting a Vulnerability
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+Instead, please report them via a [Private Security Advisory](https://github.com/jstedfast/MimeKit/security/advisories/new) submission.
+
+For more information about the fields available and guidance on filling in the form, see
+"[Creating a repository security advisory](https://docs.github.com/en/code-security/security-advisories/working-with-repository-security-advisories/creating-a-repository-security-advisory)"
+and "[Best practices for writing repository security advisories.](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/best-practices-for-writing-repository-security-advisories)"
+
+You should receive a response within 24 hours. If for some reason you do not, please follow up via [email](mailto:[email protected]?subject=MimeKit%20Security%20Advisory) to ensure we received your original message.
+
+## Preferred Languages
+
+All communications should be in English.