add documents of Code of Conduct, Code Owners and Security

SECURITY.md

@@ -0,0 +1,28 @@
+# Security Policy
+
+## Supported Versions
+
+Use this section to tell people about which versions of your project are
+currently being supported with security updates.
+
+| Version | Supported          |
+|---------|--------------------|
+| v1.x.x  | :white_check_mark: |
+
+## Reporting a Vulnerability
+
+If you find a security vulnerability affecting any of our supported projects, please
+email [edward@cheng.sydney](mailto:edward@cheng.sydney), rather than opening a public issue on GitHub. After receiving
+the initial report, we will endeavor to keep you informed of the progress towards a fix and full announcement. We may
+ask you for additional information. You are also welcome to propose a patch or solution.
+
+Report security bugs in third-party modules to the person or team maintaining the module.
+
+## Coordinated Disclosure
+
+We aim to patch confirmed vulnerabilities within 30 days or less, disclosing the details of those vulnerabilities when a
+patch is published. We ask that you refrain from sharing your report with others while we work on our patch.
+
+We may want to coordinate an advisory with you to be published simultaneously with the patch, but you are also welcome
+to self-disclose after 90 days if you prefer. We will never publish information about you or our communications with you
+without your permission.