Add security file

SECURITY.md

@@ -0,0 +1,25 @@
+## Reporting a Vulnerability
+
+At Axon Ivy, we take security seriously. If you believe you've found a security vulnerability in our software, we encourage you to let us know right away. We investigate all reported vulnerabilities promptly.
+
+To report a vulnerability, please send an email to [security@axonivy.com](mailto:security@axonivy.com) with the following information:
+
+- Description of the vulnerability
+- Steps to reproduce the vulnerability
+- Any additional information or context that may be helpful
+
+Please refrain from publicly disclosing the vulnerability until it has been addressed by our team.
+
+## Response Time
+
+We strive to respond to security vulnerability reports as quickly as possible. Upon receiving your report, we will acknowledge it within 72 hours and we will release a patch as soon as possible depending on complexity, but historically within a few days.
+Please report (suspected) security vulnerabilities at https://support.axonivy.com/.
+
+
+## Responsible Disclosure
+
+We encourage responsible disclosure of security vulnerabilities. We believe that working together with security researchers and the broader community helps us improve the security of our software for everyone.
+
+## Contact
+
+For any questions or concerns regarding security, please contact us at [security@axonivy.com](mailto:security@axonivy.com).