Provide improved security/bug-reporting disclosure instructions

[grctest]

From @grctest on August 15, 2017 20:42

Due to a lack of communication & established security disclosure instructions, several security researchers have published rather negative research against Gridcoin citing a lack of communication/attention by the devs.

Ideally, we should not promote contact@gridcoin.us as the main contact point as this isn't a team email account but rather monitored by Rob (who in this scenario allegedly ignored/missed the researchers subsequent emails).

We should route researchers towards Slack's #development channel, or instruct them to contact an admin/op/mod on irc/telegram/slack/cryptocointalk. Had the researchers reached out via chat, they would have had more attention paid to them by many users.

Copied from original issue: grctest/Gridcoin-Site#70

[grctest]

From @jring-o on August 15, 2017 22:31

Thank you for getting this moving CM!

I think a clearly marked "Security Disclosure" section under a "contact" page will do wonders for Gridcoin development and reputation.

For those who do not wish to use slack, we could direct them to a specific e-mail, perhaps multidev, perhaps not, whatever structure we want.

While we're at it, what if we set up more direct communication channels for other types of contact:

Media
Marketing
Development
Business Proposals
Partnerships
Researchers (for people who want to make projects with BOINC and fund them with GRC but don't know where to start, for example)

and whatever else we can come up with.

This will break up contact so no 1 person must deal with all the different e-mail GRC receives. If these are added to a General@gridcoin (or whatever) e-mail, it will also act as a natural filter for people asking random questions and people with specific intent.

[grctest]

From @barton2526 on August 16, 2017 0:26

I can put a PR in immediately which changes the "Contact Us" link in the footer to a link to the dev slack channel. If anyone has any other suggestions, such as having multiple points of contact (Contact Us Page), let me know and I will edit the PR.

It's up. #71

[grctest]

From @barton2526 on August 16, 2017 1:38

#72 adds to header

[grctest]

I've added a 'contact us' page which details the multiple methods of reaching admins/community, as well as some security issue reporting instructions. Think this is sufficient, or should the contact us page be expanded?

[grctest]

Need to reference @TheCharlatan's security procedure document.

[barton2526]

Reference gridcoin-community/Gridcoin-Research#597

[barton2526]

Reference document: https://github.com/gridcoin/Gridcoin-Research/blob/master/VULNERABILITY_RESPONSE_PROCESS.md

[barton2526]

Added in #60