From 060c7658ef52c7aeafe12c8fad3df66a1dcbaec4 Mon Sep 17 00:00:00 2001
From: Nemo <commits@captnemo.in>
Date: Fri, 09 May 2025 18:03:28 +0530
Subject: [PATCH] Create SECURITY.md

---
 SECURITY.md | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..5c4ac85 100644
--- /dev/null
+++ a/SECURITY.md
@@ -1,0 +1,28 @@
+# Mergington High School Security Policy
+
+## Reporting a Vulnerability
+
+At Mergington High, we take the security of our Extra-Curricular Activities website seriously, especially
+since it contains student information. If you discover a security vulnerability, please follow these steps:
+
+1. **Do not** create an issue on this repository, disclose the vulnerability publicly, or discuss it with other teachers/students.
+1. In the top navigation of this repository, click the **Security** tab.
+1. In the top right, click the **Report a vulnerability** button.
+1. Fill out the provided form. It will request information like:
+   - A description of the vulnerability
+   - Steps to reproduce the issue
+   - Potential impact on student data or website functionality
+   - Suggested fix (if you have one)
+1. Email the IT Club faculty advisor at techsupport@mergingtonhigh.example.edu and inform them you have made a report. **Do not** include any vulnerability details.
+
+## Response Timeline
+
+- We will acknowledge receipt of your report within 2 school days
+- We will provide an initial assessment within 5 school days
+- Critical issues affecting student data will be addressed immediately
+- We will create a private fork to solve the issue and invite you as a collaborator so you can see our progress and contribute.
+
+## Thank You
+
+Your help in keeping our school's digital resources secure is greatly appreciated!
+Responsible disclosure of security vulnerabilities helps protect our entire school community.
--
rgit 0.1.5