Merge pull request #204 from omerfaruk-aran/security-md

🔒 Add Security Policy

SECURITY.md

@@ -0,0 +1,39 @@
+# Security Policy
+
+## Supported Versions
+
+We ensure that the following versions of the software are actively supported with security updates:
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 20240213.1  | :white_check_mark:  |
+| < 20240213.1  | :x:                |
+
+Older versions will no longer receive security updates. Users are encouraged to update to the latest supported version.
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability in the project, please follow these steps:
+
+1. **Do not publicly disclose the issue** before it has been patched and reviewed. Public disclosure can put users at risk.
+
+2. **Create a new issue** on the project's GitHub repository under the [Issues tab](https://github.com/lanwin/esphome_samsung_hvac_bus/issues), with the `Security` label. Please include the following details in your report:
+    - Affected version(s)
+    - A detailed description of the issue
+    - Steps to reproduce the issue (if applicable)
+    - Your proposed mitigation or fix (if available)
+
+3. Once the report is received, we will:
+    - Acknowledge receipt of your report within **48 hours**.
+    - Work with you to understand the issue and validate the vulnerability.
+    - Provide you with an expected timeline for a fix and coordinate an appropriate disclosure timeline.
+
+4. We aim to resolve all security issues as quickly as possible and will notify you once a patch is available. You will be credited for your report unless you wish to remain anonymous.
+
+## Security Updates
+
+Security updates will be made available via:
+- [GitHub Releases](https://github.com/lanwin/esphome_samsung_hvac_bus/releases)
+- [Project Change Log](https://github.com/lanwin/esphome_samsung_hvac_bus/CHANGELOG.md)
+
+We recommend that all users regularly check for updates and upgrade to the latest secure version.