Use this section to tell people about which versions of your project are
currently being supported with security updates.
Use this section to tell people how to report a vulnerability.
Tell them where to go, how often they can expect to get an update on a
reported vulnerability, what to expect if the vulnerability is accepted or
declined, etc.
I saw that GitHub has a security tab and a button in it that says suggest a policy so I clicked it and now I'm here.