Create SECURITY.md

h3rrr · web-flow · commit bcb5df2d0f36 · 2025-08-27T10:52:06.000+08:00
Signed-off-by: h3rrr &lt;81402797+h3rrr@users.noreply.github.com&gt;
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,18 @@
+# Security Policy
+
+# Reporting a Vulnerability
+At MONAI, we take security seriously and appreciate your efforts to responsibly disclose vulnerabilities. If you discover a security issue, please report it as soon as possible.
+
+Please do not create public issues for security-related reports.
+
+* To report a security issue, please use the GitHub Security Advisories tab to "Open a draft security advisory".
+* Include a detailed description of the issue, steps to reproduce, potential impact, and any possible mitigations.
+* If applicable, please also attach proof-of-concept code or screenshots.
+* We will acknowledge your report within 72 hours and provide a status update as we investigate.
+
+# Disclosure Policy
+* We follow a coordinated disclosure approach.
+* We will not publicly disclose vulnerabilities until a fix has been developed and released.
+* Credit will be given to researchers who responsibly disclose vulnerabilities, if requested.
+# Acknowledgements
+We greatly appreciate contributions from the security community and strive to recognize all researchers who help keep Cherry Studio safe.
