Description
I hope you're doing well.
I would like to suggest enhancing the security of our project by defining a comprehensive security policy. Specifically, I recommend creating a SECURITY.md file in the root directory of the repository. This policy should include guidelines for vulnerability reporting and vulnerability publication.
You can easily create this file via the Security page, which provides a template. Just add some key information, such as an email address or a link for submitting vulnerabilities, to the SECURITY.md file and commit it.
For more detailed information on these security checks, you can refer to the OpenSSF Scorecard documentation.
I believe that addressing these security improvements will significantly strengthen our project's security posture. What are your thoughts on implementing these changes?
Thank you for considering this suggestion.
Best regards,
Cong Feng