Responsible disclosure policy #110

Open
@cornelius

We need a policy defining how security issues in our code can be reported to us, i.e. we need a responsible disclosure policy.

One example illustrating why this is needed and what the important points are is described in Cory Fields' post about disclosing a vulnerability in Bitcoin Cash.

Having a security@ email address is part of that (see #39).
