doc: Adds security and conduct details for sswg

README.md

@@ -124,6 +124,13 @@ should be encoded using the `GraphQLJSONEncoder` provided by this package.
 
 ## Contributing
 
+If you think you have found a security vulnerability, please follow the
+[Security guidelines](SECURITY.md).
+
+Those contributing to this package are expected to follow the [Swift Code of Conduct](https://www.swift.org/code-of-conduct/), the
+[Swift API Design Guidelines](https://swift.org/documentation/api-design-guidelines/), and the
+[SSWG Technical Best Practices](https://github.com/swift-server/sswg/blob/main/process/incubation.md#technical-best-practices).
+
 Most of this repo mirrors the structure of
 (the canonical GraphQL implementation written in Javascript/Typescript)[https://github.com/graphql/graphql-js]. If there is any feature
 missing, looking at the original code and "translating" it to Swift works, most of the time. For example:

SECURITY.md

@@ -0,0 +1,18 @@
+# Security Policy
+
+## Supported Versions
+
+Use this section to tell people about which versions of your project are
+currently being supported with security updates.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| < 2.0.0 | :x:                |
+| > 2.0.0 | :white_check_mark: |
+
+## Reporting a Vulnerability
+
+If you think you have found a security vulnerability, please create a new
+[security advisory in GitHub](https://github.com/GraphQLSwift/GraphQL/security/advisories).
+and email Jay Herron at NeedleInAJayStack at protonmail.com. We expect to respond within 
+3 days to discuss the details of the security vulnerability.