Open
Labels
Type: New Feature ➕ (Introduction of a completely new addition to the codebase)
Description
Following the discussion opened by @bcebere and @bayegaspard on Slack, I think that it could be useful to set up an organization-wide security policy, mostly for vulnerability disclosure. Individual repos could still add their specific instructions and security models, but this organization-wide policy would provide a good default (e.g. with an email address to contact OpenMined's quality/security team).
Here are a few resources:
- Instructions by GitHub: https://docs.github.com/en/code-security/security-advisories/adding-a-security-policy-to-your-repository
- Very simple example: https://github.com/ory/examples/blob/master/SECURITY.md
- More detailed example: https://github.com/microsoft/SEAL/blob/main/SECURITY.md