docs(security): add responsible disclosure policy

SECURITY.md

@@ -6,39 +6,19 @@ The following table describes the versions of this project that are currently su
 
 | Version | Supported          |
 | ------- | ------------------ |
-| 3.x   | :white_check_mark:   |
-| 4.x   | :white_check_mark:   |
-| 5.x   | :white_check_mark:   |
+| 3.x   | :heavy_check_mark:   |
+| 4.x   | :heavy_check_mark:   |
+| 5.x   | :heavy_check_mark:   |
 
-## Responsible disclosure security policy
+## Responsible disclosure policy
 
-A responsible disclosure policy helps protect users of the project from publicly disclosed security vulnerabilities
-without a fix by employing a process where vulnerabilities are first triaged in a private manner, and only publicly
-disclosed after a reasonable time period that allows patching the vulnerability and provides an upgrade path for users.
+At Sequelize, we prioritize security issues and will try to fix them as soon as they are disclosed.
 
-When contacting us directly via email, we will do our best efforts to respond in a reasonable time to resolve the issue.
-When contacting a security program their disclosure policy will provide details on timeframe, processes and paid bounties.
+If you discover a security vulnerability, please reach the project maintainers privately. You can find related information in [CONTACT.md](./CONTACT.md).
 
-We kindly ask you to refrain from malicious acts that put our users, the project, or any of the project’s team members at
-risk.
+After validating & discussing scope of security vulnerability, we will set a time-frame for patch distribution. This time-frame may vary depending upon the nature of vulnerability.
 
-## Reporting a security issue
+Once effected versions are patched you may report security issue to any Node.js security vulnerability database. A few which we have worked with in past are listed below.
 
-At Sequelize, we consider the security of our systems a top priority. But no matter how much effort we put into system
-security, there can still be vulnerabilities present.
-
-If you discover a security vulnerability, please use one of the following means of communications to report it to us:
-
-* Report the security issue to the Node.js Security WG through the 
-[HackerOne program](https://hackerone.com/nodejs-ecosystem) for ecosystem modules on npm, or to
-[Snyk Security Team](https://snyk.io/vulnerability-disclosure). They will help triage the security issue and work with
-all involved parties to remediate and release a fix.
-
-Note that time-frame and processes are subject to each program’s own policy.
-
-* Report the security issue to the [project maintainers](./CONTACT.md) directly. If the report contains
-highly sensitive information, you should consider reporting to one of the above mentioned disclosure programs that allow
-sending the report over a secure medium.
-
-Your efforts to responsibly disclose your findings are sincerely appreciated and will be taken into account to acknowledge
-your contributions.
+- [NPM](https://www.npmjs.com/advisories/report)
+- [Snyk.io](https://snyk.io/vulnerability-disclosure)