Add note to define communication channel to report security issues [skip ci]

rodnymolina · rodnymolina · commit 0ca4837c2f40 · 2021-10-08T16:51:18.000-07:00
Signed-off-by: Rodny Molina &lt;rmolina@nestybox.com&gt;
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -26,7 +26,7 @@ Strong container security is of upmost concern for Sysbox.
 
 If you are reporting a security issue, please do not create an issue or file a
 pull request on GitHub. Instead, disclose the issue responsibly by sending an
-email to contact@nestybox.com.
+email to security@nestybox.com.
 
 ## Reporting other issues
 
diff --git a/README.md b/README.md
@@ -65,6 +65,7 @@ sysbox-mgr. More on Sysbox's design can be found in the [Sysbox user guide](docs
 *   [Under the Covers](#under-the-covers)
 *   [Comparison to related technologies](#comparison-to-related-technologies)
 *   [Contributing](#contributing)
+*   [Security](#security)
 *   [Troubleshooting & Support](#troubleshooting--support)
 *   [Uninstallation](#uninstallation)
 *   [Roadmap](#roadmap)
@@ -297,6 +298,12 @@ We welcome contributions to Sysbox, whether they are small documentation changes
 bug fixes, or feature additions. Please see the [contribution guidelines](CONTRIBUTING.md)
 and [developer's guide](docs/developers-guide/README.md) for more info.
 
+## Security
+
+Security issues that may expose a Sysbox vulnerability should be reported
+by sending an email to security@nestybox.com. Please do not open security
+issues here.
+
 ## Troubleshooting & Support
 
 Refer to the [Troubleshooting document](docs/user-guide/troubleshoot.md)
