Update SECURITY.md

.github/SECURITY.md

@@ -2,20 +2,33 @@
 
 ## Supported Versions
 
-Use this section to tell people about which versions of your project are
+The RT-Thread project supports the following versions with security updates:
-currently being supported with security updates.
 
-| Version | Supported          |
+  - The most recent release, and the release prior to that.
-| ------- | ------------------ |
+  - Active LTS releases.
-| 5.1.x   | :white_check_mark: |
+
-| 5.0.x   | :x:                |
+At this time, with the latest release of v5.0.0, the supported
-| 4.0.x   | :white_check_mark: |
+versions are:
-| < 4.0   | :x:                |
+
+  - xxx
+  - xxx
 
 ## Reporting a Vulnerability
 
-Use this section to tell people how to report a vulnerability.
+Please see [xx](xx) for detail about the security vulnerability reporting process.
+Vulnerabilities to the RT-Thread project may be reported via email to the XXX@XXX mailing list. These reports will be acknowledged and analyzed by the security response team within 1 week. Each vulnerability will be entered into the RT-Thread security advisory GitHub.
+
+To report a security vulnerability, you need to provide at least the following information:
+
+### Summary
+_Short summary of the problem. Make the impact and severity as clear as possible. For example: An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server._
+
+### Details
+_Give all details on the vulnerability. Pointing to the incriminated source code is very helpful for the maintainer._
+
+### PoC
+_Complete instructions, including specific configuration details, to reproduce the vulnerability._
+
+### Impact
+_Give all affected versions. What kind of vulnerability is it? Which components are impacted?_ 
 
-Tell them where to go, how often they can expect to get an update on a
-reported vulnerability, what to expect if the vulnerability is accepted or
-declined, etc.