diff --git a/.gitignore b/.gitignore index 712722e..54cb9b7 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,4 @@ -.idea/* ./out/* ./yaml-payload.jar -./yaml-payload.yml \ No newline at end of file +./yaml-payload.yml +*.class \ No newline at end of file diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..5c2ad47 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,49 @@ +# Security Policy + +## About This Repository + +This repository contains a proof-of-concept tool for generating SnakeYAML deserialization payloads. It is intended for **security research and educational purposes only** to help security professionals understand and test for YAML deserialization vulnerabilities. + +## Disclaimer + +⚠️ **Important**: This tool is designed to demonstrate a known security vulnerability. Use this tool only in authorized testing environments and with explicit permission. Unauthorized access to computer systems is illegal. + +## Reporting Security Issues + +If you discover a security vulnerability in this repository (e.g., issues with the code itself, documentation errors, or security concerns), please report it responsibly: + +### For Non-Critical Issues +- Open a public issue in this repository +- Clearly describe the concern +- Suggest a fix or improvement if applicable + +### For Critical Security Issues +- Use GitHub's private security advisory feature (navigate to the Security tab → Advisories → New draft security advisory) +- Or contact the repository maintainer directly via GitHub +- Provide detailed information about the vulnerability +- Allow time for the issue to be addressed before public disclosure + +Please do not use this issue tracker to report vulnerabilities in other projects or systems. 
+ +## Responsible Use + +Users of this tool are expected to: +- Use it only for legitimate security testing and research +- Have proper authorization before testing any systems +- Follow all applicable laws and regulations +- Respect ethical guidelines for security research + +## Supported Use Cases + +This tool is provided as-is for: +- Security researchers testing for SnakeYAML vulnerabilities +- Penetration testers with authorization +- Educational purposes in controlled environments +- Vulnerability research and disclosure + +## Not Supported + +This project does not support: +- Malicious or unauthorized use +- Attacks on systems without permission +- Distribution for illegal purposes
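Review bot: in the `.gitignore` hunk, the three `./`-prefixed patterns (`./out/*`, `./yaml-payload.jar`, `./yaml-payload.yml`) will not match anything, because git matches ignore patterns against paths relative to the `.gitignore` directory and those paths never start with `./`; the patterns should be anchored with a leading slash instead (`/out/*`, `/yaml-payload.jar`, `/yaml-payload.yml`). The `-.idea/*` removal is also not explained by a PR whose purpose is adding a security policy; unless IDE config is meant to be tracked from now on, keep that line. The `*.class` addition is fine, but while touching the file the trailing "No newline at end of file" could be fixed too.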
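Review bot: in the new `SECURITY.md`, the reporting path under "For Critical Security Issues" describes the maintainer's view, not the reporter's: "Security tab → Advisories → New draft security advisory" is how a maintainer drafts an advisory, whereas an outside reporter sees "Report a vulnerability" on the Security tab, and only if private vulnerability reporting has been enabled in the repository settings. Either enable that setting and describe the "Report a vulnerability" button, or give a concrete contact (an e-mail address or handle) instead of the vague "contact the repository maintainer directly via GitHub", which gives a reporter no private channel to use. It would also help to state an expected acknowledgement or disclosure window, since the policy asks reporters to "Allow time for the issue to be addressed before public disclosure" without saying how much.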