Adding Microsoft SECURITY.MD #8


microsoft-github-policy-service[bot]

Please accept this contribution adding the standard Microsoft SECURITY.MD 🔒 file to help the community understand the security policy and how to safely report security issues. GitHub uses the presence of this file to light-up security reminders and a link to the file. This pull request commits the latest official SECURITY.MD file from https://github.com/microsoft/repo-templates/blob/main/shared/SECURITY.md.

Microsoft teams can learn more about this effort and share feedback within the open source guidance available internally.

@rhalstea
Collaborator

@bhagatyj @bocon13 For comments, since I'm not sure if PINS or ONF has additional requirements around reporting vulnerabilities.

@bocon13
Collaborator

bocon13 commented Jul 25, 2022

I wonder if/how things change as an LF project.

For ONF, most projects have an alias that is used to report security vulnerabilities. It's good for this list to be private to allow for discussion before the vulnerability can be patched:

For example, ONOS:

Reporting security issues
Please report any security issues you find in ONOS to: security@onosproject.org

Anyone can post to this list. The subscribers are only trusted individuals who will handle the resolution of any reported security issues in confidence. In your report, please note how you would like to be credited for discovering the issue and the details of any embargo you would like to impose.

@lguohan lguohan closed this Jan 9, 2023