Create SECURITY.md

[Jacksole]

To give people instructions for responsibly reporting security vulnerabilities in our project. This is a default template and can be editted to fit our needs

[codecov-io]

Codecov Report

Merging #108 into development will not change coverage.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           development   #108   +/-   ##
==========================================
  Coverage            0%     0%           
==========================================
  Files               17     17           
  Lines              123    123           
  Branches             2      2           
==========================================
  Misses             123    123

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 98bebe3...6194de2. Read the comment docs.

[Jacksole]

@anthonyLuttrell What's your opinion on adding this.

[alexdqmf]

Are we planning on having features where this would be required? Or is it something that might be required even with our game? I'm aware it's frowned upon not to add this one, but I'm just not sure which kinds of projects this is applicable.

[Jacksole]

Well maybe but if this prevents a hack

[Jacksole]

@alexdqmf this is just a suggestion however.

[TrainingAfternoon]

Could you perhaps fill out SECURITY.MD? I agree that we should have a file on security, if only for the fact that there's no reason not to, but it seems rather pointless to just merge a template. The whole thing doesn't have to be done at once, but even adding basic secure coding tips would be good.

[Plat251]

While a bug_report.md can get away with being somewhat inaccurate or untrue to the real situation, SECURITY.md is very likely to outright contradict what we have. This isn't good at all.

It isn't good to the point that it's better to have no SECURITY.md at all than one that's wrong.

[Veradux]

I don't see the point in adding this as well.

[Jacksole]

Ok so are we saying that we are against the idea of this or jus that this template needs to be editted?

[Veradux]

What would we write, if we decided to edit it?

[Jacksole]

True, I'm not sure what we'd write as I haven't been able to find a great example besides doing a cursory search and finding theses two: https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md, https://github.com/apache/storm/blob/master/SECURITY.md, and
https://snyk.io/blog/ten-git-hub-security-best-practices/

[Plat251]

What's important is that neither of repositories you linked deal with offline-only, entertainment-only products.
At this stage, I don't think it's possible to misuse World War of Ants even if you try really hard.

[Jacksole]

Ok so I'll close this pull request and the issue with it.

[Jacksole]

This will close #109 and this pull request

[Jacksole]

Resolves #109