Refactor security policy documentation so that they appear in the Sec…

…urity policy tab of GitHub (PowerShell#9905)



Co-Authored-By: Travis Plunk <[email protected]>

.github/CONTRIBUTING.md

@@ -382,7 +382,7 @@ Once you sign a CLA, all your existing and future pull requests will have the st
 [testing-guidelines]: ../docs/testing-guidelines/testing-guidelines.md
 [running-tests-outside-of-ci]: ../docs/testing-guidelines/testing-guidelines.md#running-tests-outside-of-ci
 [issue-management]: ../docs/maintainers/issue-management.md
-[vuln-reporting]: ../docs/maintainers/issue-management.md#Security-Vulnerabilities
+[vuln-reporting]: ./SECURITY.md
 [governance]: ../docs/community/governance.md
 [using-prs]: https://help.github.com/articles/using-pull-requests/
 [fork-a-repo]: https://help.github.com/articles/fork-a-repo/

.github/ISSUE_TEMPLATE/Security_Issue_Report.md

@@ -9,12 +9,12 @@ assignees: 'TravisEz13'
 
 # Security Issue
 
-Excerpt from [Issue Management - Security Vulnerabilities](https://github.com/PowerShell/PowerShell/blob/master/docs/maintainers/issue-management.md#security-vulnerabilities)
+Excerpt from [Issue Management - Security Vulnerabilities](https://github.com/PowerShell/PowerShell/blob/master/.github/SECURITY.md)
 
-> If you believe that there is a security vulnerability in PowerShell Core,
+> If you believe that there is a security vulnerability in PowerShell,
 it **must** be reported to [[email protected]](https://technet.microsoft.com/security/ff852094.aspx)
 to allow for [Coordinated Vulnerability Disclosure](https://technet.microsoft.com/security/dn467923).
 **Only** file an issue, if [email protected] has confirmed filing an issue is appropriate.
 
-When you have permission from [email protected] to file an issue here,
-please use the Bug Report template and state in the description that you are reporting the issue in coordination with [email protected].
+When you have permission from [[email protected]](https://technet.microsoft.com/security/ff852094.aspx) to file an issue here,
+please use the Bug Report template and state in the description that you are reporting the issue in coordination with [[email protected]](https://technet.microsoft.com/security/ff852094.aspx).

.github/SECURITY.md

@@ -0,0 +1,5 @@
+# Security Vulnerabilities
+
+If you believe that there is a security vulnerability in PowerShell,
+it **must** be reported to [[email protected]](https://technet.microsoft.com/security/ff852094.aspx) to allow for [Coordinated Vulnerability Disclosure](https://technet.microsoft.com/security/dn467923).
+**Only** file an issue, if [[email protected]](https://www.microsoft.com/en-us/msrc/faqs-report-an-issue?rtc=1) has confirmed filing an issue is appropriate.

docs/maintainers/issue-management.md

@@ -2,9 +2,8 @@
 
 ## Security Vulnerabilities
 
-If you believe that there is a security vulnerability in PowerShell Core,
-it **must** be reported to [[email protected]](https://technet.microsoft.com/security/ff852094.aspx) to allow for [Coordinated Vulnerability Disclosure](https://technet.microsoft.com/security/dn467923).
-**Only** file an issue, if [[email protected]](https://www.microsoft.com/en-us/msrc/faqs-report-an-issue?rtc=1) has confirmed filing an issue is appropriate.
+If you believe that there is a security vulnerability in PowerShell,
+first follow the [vulnerability issue reporting policy](../../.github/SECURITY.md) before submitting an issue.
 
 ## Long-living issue labels