Add a SECURITY.md file to the AtoM repo with information on how to submit security bug reports
Target version: Release 2.5.2
In some cases, community users will spot security bugs in AtoM and want to report them for review. However, publicly reported bug tickets for security issues can make those issues more widely known, potentially allowing bad actors to exploit the vulnerabilities before a fix is available.
To prevent this, we propose adding a SECURITY.md file to the AtoM repo with steps for reporting suspected security vulnerabilities. This could potentially also include additional considerations for securely deploying AtoM. For reference, see:
Note that GitHub is also introducing support for security advisories for projects (see: https://github.com/artefactual/atom/security/advisories), but it is still in beta.