SECURITY.md from sequelize/sequelize

SECURITY.md
Summary

Maintainability

Test Coverage

Issues
# Security Policy

## Supported versions

The following table describes the versions of this project that are currently supported with security updates:

| Version | Supported          |
| ------- | ------------------ |
| 6.x   | :heavy_check_mark:   |
| 5.x   | :heavy_check_mark:   |

## Responsible disclosure policy

At Sequelize, we prioritize security issues and will try to fix them as soon as they are disclosed.

If you discover a security vulnerability, please reach out to the project maintainers privately. You can find related information in [CONTACT.md](./CONTACT.md).

After validating & discussing scope of security vulnerability, we will set a time-frame for patch distribution. This time-frame may vary depending upon the nature of vulnerability.

Once affected versions are patched you may report security issue to any Node.js security vulnerability database. A few which we have worked with in past are listed below.

- [NPM](https://www.npmjs.com/advisories/report)
- [Snyk.io](https://snyk.io/vulnerability-disclosure)