docs: adding security policies

Author: erunion

SECURITY.md

@@ -0,0 +1,12 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If there are any vulnerabilities in one our SDKs here, don't hesitate to _report them_.
+
+Please email [email protected] and describe what you've found.
+
+- If you have a fix, explain or attach it.
+- In the near time, expect a reply with the required steps. Also, there may be a demand for a pull request which include the fixes.
+
+> You should not disclose the vulnerability publicly if you haven't received an answer in some weeks. If the vulnerability is rejected, you may post it publicly within some hour of rejection, unless the rejection is withdrawn within that time period. After the vulnerability has been fixed, you may disclose the vulnerability details publicly over some days.

packages/node/SECURITY.md

@@ -0,0 +1,12 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If there are any vulnerabilities in `readmeio`, don't hesitate to _report them_.
+
+Please email [email protected] and describe what you've found.
+
+- If you have a fix, explain or attach it.
+- In the near time, expect a reply with the required steps. Also, there may be a demand for a pull request which include the fixes.
+
+> You should not disclose the vulnerability publicly if you haven't received an answer in some weeks. If the vulnerability is rejected, you may post it publicly within some hour of rejection, unless the rejection is withdrawn within that time period. After the vulnerability has been fixed, you may disclose the vulnerability details publicly over some days.

packages/php/SECURITY.md

@@ -0,0 +1,12 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If there are any vulnerabilities in `readme/metrics`, don't hesitate to _report them_.
+
+Please email [email protected] and describe what you've found.
+
+- If you have a fix, explain or attach it.
+- In the near time, expect a reply with the required steps. Also, there may be a demand for a pull request which include the fixes.
+
+> You should not disclose the vulnerability publicly if you haven't received an answer in some weeks. If the vulnerability is rejected, you may post it publicly within some hour of rejection, unless the rejection is withdrawn within that time period. After the vulnerability has been fixed, you may disclose the vulnerability details publicly over some days.

packages/python/SECURITY.md

@@ -0,0 +1,12 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If there are any vulnerabilities in `readme-metrics`, don't hesitate to _report them_.
+
+Please email [email protected] and describe what you've found.
+
+- If you have a fix, explain or attach it.
+- In the near time, expect a reply with the required steps. Also, there may be a demand for a pull request which include the fixes.
+
+> You should not disclose the vulnerability publicly if you haven't received an answer in some weeks. If the vulnerability is rejected, you may post it publicly within some hour of rejection, unless the rejection is withdrawn within that time period. After the vulnerability has been fixed, you may disclose the vulnerability details publicly over some days.

packages/ruby/SECURITY.md

@@ -0,0 +1,12 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If there are any vulnerabilities in `readme-metrics`, don't hesitate to _report them_.
+
+Please email [email protected] and describe what you've found.
+
+- If you have a fix, explain or attach it.
+- In the near time, expect a reply with the required steps. Also, there may be a demand for a pull request which include the fixes.
+
+> You should not disclose the vulnerability publicly if you haven't received an answer in some weeks. If the vulnerability is rejected, you may post it publicly within some hour of rejection, unless the rejection is withdrawn within that time period. After the vulnerability has been fixed, you may disclose the vulnerability details publicly over some days.