[docs] Create SECURITY.md (#5904)

acrollet · web-flow · commit 0b5c832da42a · 2021-07-23T10:14:43.000-06:00
* Create SECURITY.md

* Update SECURITY.md
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,11 @@
+# Security Policy
+
+## Reporting a Vulnerability to the VA.gov CMS
+
+If you believe you have found a vulnerability in this repository,
+please [report it here](https://va-gov.atlassian.net/servicedesk/customer/portal/3/group/8/create/26).
+Reports may be submitted anonymously. If you share contact information, we will acknowledge receipt of your report within 3 business days.
+
+## Reporting vulnerabilities to public-facing VA systems
+
+Please see VA's [Vulnerability Disclosure Policy](https://www.va.gov/vulnerability-disclosure-policy/).
