Docs: Update SECURITY.md

SECURITY.md

@@ -1,21 +1,21 @@
-**Please contact us at [security@photoprism.app](mailto:security@photoprism.app) when you've discovered a potential security issue.**
+# Security Policy
 
-You are welcome to also report vulnerabilities in third-party applications that we may not be able to fix directly.
+**Please contact us at [security@photoprism.app](mailto:security@photoprism.app) when you have discovered a potential security issue.** You are welcome to also report vulnerabilities in third-party applications that we may not be able to fix directly.
 
 At a minimum, your report should include the following:
 
-* version and architecture
-* vulnerability description
-* reproduction steps
+- version and architecture
+- vulnerability description
+- reproduction steps
 
 We will then try to reproduce the problem, determine the impact and get back to you as soon as possible.
+Confirmed vulnerabilities will be fixed within 90 days, depending on the severity and whether third-party
+packages are affected.
+
+**Responsible Disclosure:**
+
+1. Confirm that the vulnerability applies to a current version and is reproducible
+2. First share the vulnerability details with us so that users are not put at risk
+3. Wait before publishing details until everyone has had a chance to update
 
 *Avoid activities that disrupt, degrade, or interrupt our services or compromise other users' data, such as spam, brute force attacks, denial of service attacks, and malicious file distribution.*
-
-### Responsible Disclosure ###
-
-1. Confirm that the vulnerability applies to a current version
-2. First share the vulnerability details with us
-3. Wait for resolution before sharing details
-
-**Thank you!** 👍