docs: add SECURITY.md with vulnerability reporting guidelines

SECURITY.md

@@ -0,0 +1,59 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+The B3 team takes security seriously. We appreciate your efforts to responsibly disclose your findings.
+
+### How to Report
+
+If you discover a security vulnerability, please report it by emailing **security@b3.fun** (or the appropriate security contact).
+
+**Please do NOT:**
+- Open a public GitHub issue for security vulnerabilities
+- Disclose the vulnerability publicly before it has been addressed
+
+### What to Include
+
+When reporting a vulnerability, please include:
+
+- A clear description of the vulnerability
+- Steps to reproduce the issue
+- Potential impact of the vulnerability
+- Any suggested fixes (if available)
+
+### Response Timeline
+
+- **Initial Response**: Within 48 hours
+- **Status Update**: Within 7 days
+- **Resolution Target**: Depending on severity
+
+### Scope
+
+This security policy applies to:
+
+- Smart contracts in this repository
+- SDK packages (`@b3dotfun/sdk`)
+- Backend services and APIs
+- Authentication and wallet integrations
+
+### Bug Bounty
+
+For information about our bug bounty program, please visit our official documentation or contact us directly.
+
+## Security Best Practices
+
+When using B3 SDK and services:
+
+- Never commit private keys or secrets to version control
+- Use environment variables for sensitive configuration
+- Always validate user inputs
+- Keep dependencies updated
+- Follow the security guidelines in our documentation
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| Latest  | :white_check_mark: |
+
+Thank you for helping keep B3 and our users safe!