[contributing.md] add how to report security bugs (#3005)

* [contributing.md] add how to report security bugs I think it's a good idea mentioning how to report vulnerabilities in contributing.md, by pointing them to SECURITY.md. This is useful in case people only read contributing.md but not security.md, and incorrectly believe that your team prefers discussing security issues on GitHub. * Use full name of MSRC As suggested by miniksa, change "MSRC" to "Microsoft Security Response Center (MSRC)"
2019-10-04 21:35:55 +08:00 · 2019-10-04 21:35:55 +08:00 · 505ceaccf6
parent 8ae65f5444
commit 505ceaccf6
1 changed files with 3 additions and 0 deletions
--- a/doc/contributing.md
+++ b/doc/contributing.md
@ -21,6 +21,9 @@ We drive the bot by tagging issues with specific labels which cause the bot engi
 Therefore, if you do file issues, or create PRs, please keep an eye on your GitHub notifications. If you do not respond to requests for information, your issues/PRs may be closed automatically.

 ---
+## Reporting Security Issues
+
+**Please do not report security vulnerabilities through public GitHub issues.** Instead, please report them to the Microsoft Security Response Center (MSRC). See [Security.md](../SECURITY.md) for more information.

 ## Before you start, file an issue