[DOCS] Create SECURITY.md with responsible disclosure policy

[Priyanshu-byte-coder]

Problem

DevTrack has no SECURITY.md file. GitHub recommends this for all public repositories so security researchers know how to responsibly disclose vulnerabilities.

Task

Create SECURITY.md in the repo root with:

1. Supported versions (which version of DevTrack is receiving security fixes)
2. How to report a vulnerability (email or GitHub private vulnerability reporting)
3. Expected response time
4. What happens after a report is received

Template to follow

GitHub's official template: https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository

Acceptance criteria

• SECURITY.md exists at repo root
• Contains supported versions table
• Contains clear reporting instructions
• GitHub shows the security policy in the Security tab

[YashKrTripathi]

@Priyanshu-byte-coder Please assign this to me ik what to do !

[srinidhi-2006-bit]

/assign

[Kishalll]

Hi @Priyanshu-byte-coder! I'd love to be assigned to this under GSSoC 2026.

My approach:

• Create SECURITY.md at the repo root following GitHub's official template and all four required sections:
  • Supported versions - a table marking the latest main branch as actively supported and older releases as unsupported
  • Reporting a vulnerability - instruct reporters to use GitHub's built-in Private vulnerability reporting (already available on public repos under Security → Report a vulnerability), avoiding exposure via public issues
  • Expected response time - acknowledge within 48 hours, triage within 7 days
  • Disclosure process - what happens after a report: confirmation, fix development, coordinated disclosure timeline (typically 90 days), and credit to the reporter in the release notes if desired

[Sweksha-Kakkar]

@Priyanshu-byte-coder
Please assign this to me under gssoc
/assign

[anshul23102]

I can create the SECURITY.md file with responsible disclosure policy. Will document how to report security vulnerabilities responsibly.

/assign

[Sweksha-Kakkar]

@Priyanshu-byte-coder
/assign
Please assign this under GSSOC

[krishGupta-026]

Hi @Priyanshu-byte-coder I'd love to be assigned to this under GSSoC 2026 as my first contribution.
Fix needed:

1. Supported versions table with emoji checkmarks (GitHub renders these natively)
2. Two reporting options — GitHub private vulnerability reporting + email
3. Response time table (48hr acknowledgement → 5 days triage → 30 days fix)
4. Full post-report workflow so reporters know what to expect
5. Scope section (in/out of scope)
6. Credits section

[Aditya8369]

Hii @Priyanshu-byte-coder I would like to work on this issue under GSSoC'26, can you assign me ?