Add SECURITY.md

[alexkorovko]

Summary by CodeRabbit

• Documentation
  • Added security reporting guidance documentation outlining proper procedures and channels for submitting security concerns and vulnerabilities, including submission methods and required information.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Enterprise

Run ID: 04759a19-c66f-4426-80d1-ce590cb1aaa8

📥 Commits

Reviewing files that changed from the base of the PR and between 02458e5 and 25df1ad.

📒 Files selected for processing (1)

• SECURITY.md

---

📝 Walkthrough

Walkthrough

A new SECURITY.md file is added to the repository. It documents NVIDIA's process for reporting potential security vulnerabilities, including the official submission form, contact email with an optional PGP key, instructions to avoid GitHub disclosure, required reporter information, and links to PSIRT policies and the product security portal.

Changes

Security Reporting Documentation

Layer / File(s)	Summary
Vulnerability reporting guidance SECURITY.md	Introduces the full security policy document covering contact channels, expected information from reporters, a warning against GitHub disclosure, and links to NVIDIA's PSIRT policies and product security portal.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

A rabbit hopped in, ears perked with care,
"Report bugs securely — don't leave them bare!"
No GitHub issues for secrets, please,
Use the form or email with PGP keys. 🐇🔐
PSIRT awaits with policies bright,
Keeping the code safe through day and night!

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change—adding a SECURITY.md documentation file.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dev/ak/security

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}