Add responsible disclosure procedure
As a DevSecOps dude
I want to get confidential reports about failures in NLX security
so that the world doesn't abuse the security failures while we are fixing them
- Page in documentation detailing how security failures should be reported
- Policy follows "Responsible Disclosure" best practise as common in The Netherlands
- Policy refers to e-mailadress 'email@example.com'