docs: added a security policy

SECURITY.md

@@ -0,0 +1,65 @@
+# Security Policy
+
+This document outlines the process for responsibly reporting security vulnerabilities in the **robotframework-PlatynUI** project. We value the security of our users and contributors, and we appreciate your efforts to help us maintain a secure project environment.
+
+## Scope
+
+This Security Policy applies to all publicly available code within the **robotframework-PlatynUI** repository. It covers vulnerabilities in:
+
+- The source code contained in this repository.
+- Any documentation or website content hosted as part of the project.
+- Dependencies and related tools that are part of the project distribution.
+
+## Reporting a Vulnerability
+
+If you believe you have identified a security vulnerability, please follow these steps:
+
+1. **Do Not Publicly Disclose the Vulnerability**
+   Please refrain from discussing, disclosing, or committing any details of the vulnerability publicly. We request that you keep this information confidential while we work to resolve the issue.
+
+2. **Submit Your Report**
+   Send a detailed report to the project maintainers by email at:
+   `[email protected]`
+
+   Your report should include:
+   - A clear description of the vulnerability.
+   - Steps to reproduce the issue.
+   - The potential impact of the vulnerability.
+   - Any suggested fixes or additional information that can help us diagnose and resolve the issue.
+
+3. **Provide Necessary Context**
+   Include information about your testing environment, such as:
+   - Operating system, software version, and any other relevant dependencies.
+   - How the vulnerability was discovered or its potential triggers.
+
+## Vulnerability Response Process
+
+- **Acknowledgment:**
+  Upon receiving your report, the maintainers will acknowledge receipt within five business days.
+- **Investigation:**
+  We will promptly investigate the report and strive to provide updates regarding the status and proposed fix as soon as practicable.
+- **Resolution:**
+  Once the vulnerability is confirmed, a patch or appropriate remediation will be made available.
+- **Disclosure:**
+  After resolution, a public disclosure may be issued to provide details of the vulnerability and instructions for upgrading, if necessary. We will work with you to ensure responsible disclosure practices are maintained.
+
+## Guidelines for Responsible Disclosure
+
+- **Cooperation:**
+  We appreciate your cooperation in providing us the necessary time to investigate and address the reported vulnerability.
+- **Sensitivity:**
+  If you believe that your communication has been mishandled or require further discussion about the security details, please contact us at the provided email address.
+- **Legal Considerations:**
+  By choosing to report in good faith, you agree to our use of this information to improve the security of the **robotframework-PlatynUI** project. We do not take any action that may compromise your confidentiality.
+
+## Exclusions
+
+This policy does not cover:
+- Issues that are primarily aesthetic or minor bugs with no direct security impact.
+- Vulnerabilities within third-party software unless integrated directly as a dependency in the project.
+
+## Final Note
+
+Your efforts are highly appreciated as they help to keep the project secure and protect our users. We thank you for your contribution and responsible approach in handling security matters.
+
+---