Security Page

[janpio]

Cordova is currently missing a Security page at https://cordova.apache.org/security/ or similar where the process of reporting security bugs is documented, we just link to http://www.apache.org/security/ in the footer.

I suggest having a few sentences on the Cordova site itself, if only for better Google-ability.

The page could also list or link to previous CVEs:
https://cordova.apache.org/announcements/2015/11/20/security.html
https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-27153/Apache-Cordova.html

Some examples:
https://nodejs.org/en/security/
https://www.ruby-lang.org/en/security/

[brody4hire]

I would mark this one as a blocker. (accepting the response below)

[brody4hire]

https://httpd.apache.org/security/ - a classic!

[janpio]

I would mark this one as a blocker.

I don't agree. There is a link to http://www.apache.org/security/ in the footer, see the updated description. The page itself on cordova.apache.org would just be a convenience "feature".