Add security policy (#15169)

2020-08-04 19:47:41 +02:00 · 2020-08-04 19:47:41 +02:00 · b8e3f79faf
--- a/.github/SECURITY.md
+++ b/.github/SECURITY.md
@ -0,0 +1,5 @@
+# Security Policy
+
+This code and its associated production web page are included in the Mozilla’s web and services [bug bounty program](https://www.mozilla.org/en-US/security/web-bug-bounty/). If you find a security vulnerability, please submit it via the process outlined in the program and [FAQ pages](https://www.mozilla.org/en-US/security/bug-bounty/faq-webapp/). Further technical details about this application are available from the [Bug Bounty Onramp page](https://wiki.mozilla.org/Security/BugBountyOnramp/).
+
+Please submit all security-related bugs through Bugzilla using the [web security bug form](https://bugzilla.mozilla.org/form.web.bounty). Never submit security-related bugs through a Github Issue or by email.