ADdded security.md

CHANGELOG.md

@@ -44,6 +44,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 * Added content of repository [bht](https://github.com/ezonakiusagi/bht) below `software`
 * Added links to openssf and badge
 * Added packages mailx, ksh and nmon
+* Added [SECURITY.md](SECURITY.md)
 * Added script `start_sshd.sh`
 
 ### Changed in unreleased

SECURITY.md

@@ -1,14 +1,25 @@
+<!-- START doctoc generated TOC please keep comment here to allow auto update -->
+<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
+
+- [Security Policy](#security-policy)
+  - [Supported Versions](#supported-versions)
+  - [Reporting a Vulnerability](#reporting-a-vulnerability)
+
+<!-- END doctoc generated TOC please keep comment here to allow auto update -->
+
 # Security Policy
 
 ## Supported Versions
 
-| Version | Supported          |
-| ------- | ------------------ |
-| 2.8.x   | :white_check_mark: |
-| < 2.8.x   | :x:                |
+We release patches for security vulnerabilities. Which versions are eligible for
+receiving such patches depends on the CVSS v3.0 Rating:
 
-## Reporting a Vulnerability
+| CVSS v3.0 | Supported Versions                        |
+| --------- | ----------------------------------------- |
+| 9.0-10.0  | Releases within the previous three months if possible |
+| 4.0-8.9   | Most recent release                       |
 
-If your find a vulnerability, please create an issue ticket.
+## Reporting a Vulnerability
 
-Vulnerability are taken seriously and I will try to fix them as soon as possible.
+Please report (suspected) security vulnerabilities by creating a [issue](https://github.com/stevleibelt/arch-linux-live-cd-iso-with-zfs/issues)-ticket.
+We will try to take care as fast as possible. Keep in mind that this is a hobby project.