Motivation:
@tomerd made this suggestion but it was missed in the previous PR.
Modifications:
- Use 'sswg-security-reports' as the recipients are more relevant to
this project
Motivation:
Security is hugely important to us and our users yet we don't provide
guidelines on how users should report vulnerabilities to us, nor any
commitments we make to resolve these issues.
Modifications:
- Add SECURITY.md detailing how to report vulnerabilities and what
happens when one is reported.
Result:
It's easier for users to report vulnerabilities to us.
Co-authored-by: Cory Benfield <lukasa@apple.com>