first commit

.github/SECURITY.md

@@ -0,0 +1,44 @@
+# Security Policy
+
+## Supported Versions
+
+Currently, the following versions of Articulate Rise Parser are supported with security updates:
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.0.x   | :white_check_mark: |
+| < 1.0   | :x:                |
+
+## Reporting a Vulnerability
+
+We take the security of Articulate Rise Parser seriously. If you believe you have found a security vulnerability, please follow these steps:
+
+1.  **Do not disclose the vulnerability publicly** - Please do not create a public GitHub issue for security vulnerabilities.
+2.  **Email the details to [security+articulate-parser@kjanat.com]** - Include as much information as possible about the vulnerability.
+3.  **Wait for a response** - We will acknowledge your email within 48 hours and provide an estimated timeline for a fix.
+4.  **Work with us** - We may ask for additional information to help us understand and address the issue.
+
+## What to Include in a Report
+
+When reporting a vulnerability, please include:
+
+-   A clear description of the issue
+-   Steps to reproduce the vulnerability
+-   The potential impact of the vulnerability
+-   Any possible mitigations you've identified
+
+## What to Expect
+
+-   We will acknowledge receipt of your vulnerability report within 48 hours.
+-   We will provide regular updates about our progress.
+-   We will notify you when the vulnerability is fixed.
+-   With your permission, we will include your name in the acknowledgments.
+
+## Security Measures
+
+This project follows these security practices:
+
+-   Regular dependency updates via Dependabot
+-   CodeQL security scanning
+-   Automated testing for each pull request
+-   Code review requirements for all changes