updating the security policy

Author: jaredwray

SECURITY.md

@@ -1,5 +1,9 @@
 # Security Policy
 
-To report a security vulnerability, please send an email to [email protected]. Once the issue has been validated, we will open a [Github Security Advisory](https://docs.github.com/en/code-security/repository-security-advisories/about-github-security-advisories-for-repositories), if necessary.
+To report a security vulnerability, please post an issue in our repository for [Keyv](https://github.com/jaredwray/keyv/issues) and mark it with `security vulnerability`. You need to add in the issue description the following information:
 
-Once the security advisory has been opened, contributors can collaborate on a private fork to fix the vulnerability. When the issue has been resolved, we will alert users of the past vulnerability by publishing the security advisory.
+- **Vulnerability Type**: Describe the type of vulnerability (e.g., XSS, CSRF, SQL Injection).
+- **Vulnerability Description**: Describe the vulnerability in detail, including how it can be exploited and what impact it may have.
+- **Proof of Concept**: If possible, provide a proof of concept (PoC) that demonstrates the vulnerability.
+
+Once the issue has been validated, we will open a [Github Security Advisory](https://docs.github.com/en/code-security/repository-security-advisories/about-github-security-advisories-for-repositories), if necessary. When the issue has been resolved, we will alert users of the past vulnerability by publishing the security advisory.