may you create a security policy like this?

It is recommended that the community create a security policy, such as the Security.md file, to describe information such as vulnerability reporting and vulnerability disclosure notifications, so that users can be aware of vulnerabilities in a timely manner.