Add security policy, scorecard ref to improve score (#100)

Signed-off-by: Marikkannu, Suresh <[email protected]>

Author: sureshmarikkannu

.github/CODEOWNERS

@@ -0,0 +1,4 @@
+# SPDX-FileCopyrightText: 2025 Intel Corporation
+# SPDX-License-Identifier: Apache-2.0
+
+* @omec-project/5gc-maintainers

README.md

@@ -4,6 +4,7 @@
 SPDX-License-Identifier: Apache-2.0
 -->
 [![Go Report Card](https://goreportcard.com/badge/github.com/omec-project/openapi)](https://goreportcard.com/report/github.com/omec-project/openapi)
+[![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/omec-project/openapi/badge)](https://scorecard.dev/viewer/?uri=github.com/omec-project/openapi)
 
 # OpenApi
 

docs/SECURITY.md

@@ -0,0 +1,41 @@
+<!--
+SPDX-FileCopyrightText: 2025 Intel Corporation
+SPDX-License-Identifier: Apache-2.0
+-->
+# Security Policy
+
+## Supported Versions
+
+We release patches for security vulnerabilities in the following versions:
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.x.x   | :white_check_mark: |
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability, please:
+
+1. **DO NOT** create a public GitHub issue
+2. Email us at: [email protected]
+3. Include detailed information about the vulnerability
+4. Allow us reasonable time to address the issue before public disclosure
+
+### What to Include
+
+- Description of the vulnerability
+- Steps to reproduce the issue
+- Potential impact assessment
+- Any proof-of-concept code (if applicable)
+
+## Security Best Practices
+
+When using this project:
+- Keep dependencies up to date
+- Use the latest supported version
+- Follow secure coding practices
+- Regularly audit your implementation
+
+## Contact
+
+1. #sdcore-dev channel in [Aether Community Slack](https://aether5g-project.slack.com)