Fix #173, Create Security Policy MarkDown

[ArielSAdamsNASA]

Describe the contribution
Fix #173
Created a draft of a security policy markdown file. The purpose of a security policy is to inform users on how to submit bugs or vulnerabilities. It is ideal to include a section for supported versions.

Additional context
Optional sections that may be included:

• What to expect security-wise such as what type of testing is done
• Address privacy concerns
• Supported versions
• License
• Known vulnerabilities

References to Public Security Policies:
https://github.com/thanos-io/thanos/security/policy
https://github.com/minhealthnz/nzcovidtracer-app/security/policy
https://github.com/odoo/odoo/security/policy

Contributor Info - All information REQUIRED for consideration of pull request
Ariel Adams, ASRC Federal

[astrogeco]

CCB 2021-01-06 APPROVED

• Look more closely into requirements on emailing the SOC
• Add instructions to tag the issue with the "security" label. Make sure all repos have that label.
• Apply these changes to Fix #1068, Create cFE Security Policy Markdown cFE#1048 and Implement a Security Policy osal#743

[ArielSAdamsNASA]

@astrogeco

I called the hotline (877-627-2732) and was told that it is a publicly available service and there are no requirements regarding emailing or calling the service. I was told that there would be no concerns or issues placing the information in a security policy on a public GitHub Repository.

Additional References:

https://www.nasa.gov/content/cybersecurity-policies

Cybersecurity Hotline
If you wish to report a cybersecurity incident or concern please contact the NASA SOC either by phone at 1-877-NASA-SEC (877-627-2732) or via the SOC email address ([email protected]).

https://www.nasa.gov/offices/ocio/ittalk/07-2010_soc.html

NASA's SOC is tracking, monitoring and reporting issues 24x7x365. For more information or to report an issue, contact 1-877-NASA-SEC (1-877-627-2732) or [email protected]

https://hackerone.com/nasa?type=team

IT Security Hotline
Users can contact the new 24x7x365 NASA Security Operations Center (SOC) by phone, 1-877-NASA-SEC (877-627-2732) or via the SOC email address ([email protected]).

I updated the three security policies to include instructions on tagging reports with the security label. I added the security label to cFE, so now all repos have that label available.