Add SECURITY.md

Same contents as the one in the TimescaleDB repo.

SECURITY.md

@@ -0,0 +1,24 @@
+# Security Policy
+
+We aim to keep TimescaleDB safe for everyone. 
+Publicly disclosing security bugs in a public forum can put everyone in the Timescale community at risk,
+however. Therefore, we ask that people follow the below instructions to report security vulnerability.
+The entire Timescale community thanks you!
+
+## Supported Versions
+
+The supported version is always the latest major release available in our repository.
+We also release regular minor versions with fixes and corrections alongside some new features as well as patchfix releases, that you should keep upgrading to.
+Vulnerability fixes are made available as part of these patchfix releases and you can read our list of [Security Advisories](https://github.com/timescale/timescaledb-docker/security/advisories?state=published).
+
+You can also take a look at our [Support Policy](https://www.timescale.com/legal/support-policy).
+
+
+## Reporting a Vulnerability
+
+If you find a vulnerability in our software, please email the Timescale Security Team at [email protected].
+
+Please note that the e-mail address should only be used for reporting undisclosed security vulnerabilities in Timescale products and services. 
+Regular bug reports should be submitted as GitHub issues, while other _questions_ around security,
+compliance, or functionality can be made either through our support (for customers) or
+community channels (e.g., [Timescale Slack](https://slack.timescale.com/), [Forums](https://www.timescale.com/forums), etc.)