From 5d123b67a60a4d0b2f1feda07ee2211d6f3d4c2e Mon Sep 17 00:00:00 2001 From: Rehan Ahmad Date: Thu, 18 Jun 2026 19:05:49 +0530 Subject: [PATCH] docs: add SECURITY.md with vulnerability reporting policy --- SECURITY.md | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..9111aa5 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,51 @@ +# Security Policy + +## Supported Versions + +The following versions of **School Website** are currently supported with security updates: + +| Version | Supported | +| ------- | ------------------ | +| main | ✅ Yes | + +## Contact Details + +To report a security vulnerability in **School Website**, please reach out via: + +- 👤 Maintainer: [Sitaram8472](https://github.com/Sitaram8472) +- 💬 Sending a private message through social links listed in the profile + +> Please **do not** open a public GitHub issue for security vulnerabilities. + +## What to Include in Your Report + +- A clear description of the vulnerability +- Steps to reproduce the issue +- Affected versions or components +- Potential impact assessment +- Any suggested fix (optional but appreciated) + +## Expected Response Time + +| Action | Timeframe | +| ----------------------------- | ----------------- | +| Acknowledgement of report | Within 48 hours | +| Status update | Within 7 days | +| Patch / fix release | Within 30 days | + +## Responsible Disclosure Policy + +We follow a **responsible disclosure** policy: + +- Please report vulnerabilities **privately** before any public disclosure +- We request an **embargo period of 30 days** to investigate and patch the issue +- After a fix is released, you are welcome to publish your findings +- We will credit reporters in the patch notes unless anonymity is requested +- We deeply appreciate the efforts of security researchers 🙏 + +## References + +- [School Website Repository](https://github.com/Sitaram8472/School_Website) +- [GitHub Security Advisories Docs](https://docs.github.com/en/code-security/security-advisories) +- [Responsible Disclosure — OWASP](https://owasp.org/www-community/Vulnerability_Disclosure_Cheat_Sheet) +- [Adding a Security Policy to your repo](https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository)
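Review bot: The Contact Details section names no concrete private channel. It links only the maintainer's GitHub profile and "Sending a private message through social links listed in the profile", so a reporter has to guess where to send the report, and the "Within 48 hours" acknowledgement in the Expected Response Time table is hard to hold against an unspecified inbox. Suggest naming one monitored channel explicitly, for example a dedicated security e-mail address or GitHub's private vulnerability reporting (the References section already links the Security Advisories docs), and telling reporters which one to use. Separately, the 30-day embargo under Responsible Disclosure Policy equals the 30-day "Patch / fix release" target, and the policy does not say what happens if the fix is not released by then; add a sentence covering an extension or coordinated disclosure in that case.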