Add a disclosure policy.

Author: Julian

.github/SECURITY.md

@@ -0,0 +1,21 @@
+# Security Policy
+
+## Supported Versions
+
+In general, only the latest released ``jsonschema`` version is supported
+and will receive updates.
+
+## Reporting a Vulnerability
+
+To report a security vulnerability, please send an email to
+``[email protected]`` with subject line ``SECURITY
+(jsonschema)``.
+
+I will do my best to respond within 48 hours to acknowledge the message
+and discuss further steps.
+
+If the vulnerability is accepted, an advisory will be sent out via
+GitHub's security advisory functionality.
+
+For non-sensitive discussion related to this policy itself, feel free to
+open an issue on the issue tracker.