Update SECURITY.md

SECURITY.md

@@ -1,7 +1,29 @@
-Please use https://g.co/vulnz to report security vulnerabilities.
+# Security Policy
 
-We use https://g.co/vulnz for our intake and triage. For valid issues we will do coordination and disclosure here on
-GitHub (including using a GitHub Security Advisory when necessary).
+## Reporting a Vulnerability
 
-The Google Security Team will process your report within a day, and respond within a week (although it will depend on the severity of your report).
+Please use [https://g.co/vulnz](https://g.co/vulnz) to report security vulnerabilities.
 
+We use [https://g.co/vulnz](https://g.co/vulnz) for our intake and triage. For valid issues, we will do coordination and disclosure here on GitHub (including using a GitHub Security Advisory when necessary).
+
+## Contact Information
+
+If you need to contact the Google Security Team directly, you can reach us at security@google.com.
+
+## Disclosure Policy
+
+The Google Security Team will process your report within a day and respond within a week (although it will depend on the severity of your report).
+
+## Types of Vulnerabilities
+
+Please report any security vulnerabilities that could potentially impact the security of our users or infrastructure.
+
+## Encrypting Sensitive Information
+
+If you need to send sensitive information, please use our PGP key, available at [https://example.com/pgp-key](https://example.com/pgp-key).
+
+## Response Timeline
+
+- Initial acknowledgment: 1 day
+- Triage and assessment: 1 week
+- Fix and disclosure: Depending on the severity, typically within 30-90 days.