feat(policy): add information on security disclosures

author Ashley Williams <ashley666ashley@gmail.com>

Thu, 29 Jun 2017 00:16:00 +0000 (20:16 -0400)

committer Ashley Williams <ashley666ashley@gmail.com>

Thu, 29 Jun 2017 00:56:44 +0000 (20:56 -0400)
author Ashley Williams <ashley666ashley@gmail.com>
Thu, 29 Jun 2017 00:16:00 +0000 (20:16 -0400)
committer Ashley Williams <ashley666ashley@gmail.com>
Thu, 29 Jun 2017 00:56:44 +0000 (20:56 -0400)
diff --git a/src/doc/policies.md b/src/doc/policies.md

index 1c18412c2e7fcae8e92313333d8e483453ee05be..c8b3c1c281b437e4e5805ab24b6731893eac8ce6 100644 (file)
--- a/src/doc/policies.md
+++ b/src/doc/policies.md
@@ -56,5 +56,16 @@ There are two important, related aspects:
    cannot be directly answered in the hypothetical sense. All of the details
    must be taken into consideration in these kinds of situations.
  
+# Security
+
+Cargo and crates.io are projects that are governed by the Rust Programming 
+Language Team. Safety is one of the core principles of Rust, and to that end,
+we would like to ensure that cargo and crates.io have secure implementations.
+To learn more about disclosing security vulnerabilities, please reference the 
+[Rust Security policy] for more details.
+
+Thank you for taking the time to responsibly disclose any issues you find.
+
+[Rust Security policy]: https://www.rust-lang.org/security.html
  [Code of Conduct]: https://www.rust-lang.org/conduct.html
  [sending us an email]: mailto:help@crates.io
author	Ashley Williams <ashley666ashley@gmail.com>
	Thu, 29 Jun 2017 00:16:00 +0000 (20:16 -0400)
committer	Ashley Williams <ashley666ashley@gmail.com>
	Thu, 29 Jun 2017 00:56:44 +0000 (20:56 -0400)