Add SECURITY.md file

SECURITY.md

@@ -0,0 +1,36 @@
+# Security
+
+NVIDIA is dedicated to the security and trust of our software products and services,
+including all source code repositories managed through our organization.
+
+If you need to report a security issue, please use the appropriate contact points outlined
+below. **Please do not report security vulnerabilities through GitHub/GitLab.**
+
+## Reporting Potential Security Vulnerability in nvmath-python
+
+To report a potential security vulnerability in nvmath-python:
+
+- Web: [Security Vulnerability Submission
+  Form](https://www.nvidia.com/object/submit-security-vulnerability.html)
+- E-Mail: <[email protected]>
+  - We encourage you to use the following PGP key for secure email communication: [NVIDIA
+    public PGP Key for communication](https://www.nvidia.com/en-us/security/pgp-key)
+  - Please include the following information:
+    - Product/Driver name and version/branch that contains the vulnerability
+    - Type of vulnerability (code execution, denial of service, buffer overflow, etc.)
+    - Instructions to reproduce the vulnerability
+    - Proof-of-concept or exploit code
+    - Potential impact of the vulnerability, including how an attacker could exploit the
+      vulnerability
+
+While NVIDIA currently does not have a bug bounty program, we do offer acknowledgement when
+an externally reported security issue is addressed under our coordinated vulnerability
+disclosure policy. Please visit our [Product Security Incident Response Team
+(PSIRT)](https://www.nvidia.com/en-us/security/psirt-policies/) policies page for more
+information.
+
+## NVIDIA Product Security
+
+For all security-related concerns, please visit NVIDIA's Product Security portal at
+<https://www.nvidia.com/en-us/security>.
+