Add SECURITY.md

[jameslamb]

Description

Contributes to rapidsai/build-planning#281

• adds a SECURITY.md describing how to report security vulnerabilities

Notes for Reviewers

Why not just set this org-wide?

An org-wide default is set at https://github.com/rapidsai/.github/blob/main/SECURITY.md, but adding an actual file in each repo offers a few benefits:

• ensures security policy travels with the repo to forks, clones, mirrors, etc.
• allows per-repo governance over the security policy (via PR review, CODEOWNERS, etc.)

This can be admin-merged

I'll stop CI intentionally after pre-commit runs, to save CI time and resources.

[copy-pr-bot]

Auto-sync is disabled for draft pull requests in this repository. Workflows must be run manually.

Contributors can view more details about this message here.

[rgsl888prabhu]

Description

Contributes to rapidsai/build-planning#281

• adds a SECURITY.md describing how to report security vulnerabilities

Notes for Reviewers

Why not just set this org-wide?

An org-wide default is set at https://github.com/rapidsai/.github/blob/main/SECURITY.md, but adding an actual file in each repo offers a few benefits:

• ensures security policy travels with the repo to forks, clones, mirrors, etc.
• allows per-repo governance over the security policy (via PR review, CODEOWNERS, etc.)

This can be admin-merged

I'll stop CI intentionally after pre-commit runs, to save CI time and resources.

I had just added this in a PR #1310 :), but I would like your approach on this as per rapids standards.

[jameslamb]

Ha oh great!

Sorry, I hadn't checked all the repos yet, just auto-generated these draft PRs with https://github.com/rapidsai/rapids-reviser

Let's use your PR, though if you don't have strong opinions then I do think you should copy the SECURITY.md from my PR here. We're rolling it out across all of RAPIDS, and its content comes from NVIDIA security folks internally.