Hi! Would you consider accepting a suggestion of a security policy?

GitHub recommends that projects have a Security Policy (SECURITY.md). This is a simple document that explains how the project wishes to receive and handle responsible disclosure of potential vulnerabilities.

There are a few ways to receive such disclosures:

• have an email or website available to receive such reports; and/or
• use GitHub's private vulnerability reporting feature.

If you're interested in GitHub's feature, it must be activated for the repository:

1. Open the repo's settings
2. Click on Code security & analysis
3. Click "Enable" for "Private vulnerability reporting (Beta)"

Let me know if such PR would be welcome which disclosure method would you perfer. I personally recommend the github vulnerability report feature to make the process simpler.

Thanks!

Disclosure: I am working with Google and the Linux Foundation's Open Source Security Foundation (OpenSSF) to improve the supply-chain security of important open source projects.

Hi! I'd like to work on this, please. I'll be using the github vulnerability report feature.