Add security reporting page (#253)

Signed-off-by: Mike Ng <[email protected]>

Author: mikeshng

content/en/docs/security/_index.md

@@ -0,0 +1,30 @@
+---
+title: Security
+weight: 9
+---
+
+The Open Cluster Management (OCM) community welcomes and appreciates responsible disclosure of security vulnerabilities.
+
+If you know of a security issue with OCM, please report it to [[email protected]](mailto:[email protected]).
+The OCM project owners receive security disclosures by default.
+They may share disclosures with others as required to make and propagate fixes.
+
+The OCM community security reporting process follows the
+[Kubernetes security reporting process](https://kubernetes.io/docs/reference/issues-security/security/)
+as standard.
+
+## Security Vulnerability Response
+
+Each report is acknowledged and analyzed by OCM project owners within 5 working days.
+This will set off the Security Release Process.
+
+Any vulnerability information shared with OCM project owners stays within the OCM community
+and will not be disseminated to other projects unless it is necessary to get the issue fixed.
+
+As the security issue moves from triage, to identified fix, to release planning we will keep the reporter updated.
+
+## Security Release Process
+
+Refer to the Kubernetes
+[Security Release Process](https://github.com/kubernetes/committee-security-response/blob/main/security-release-process.md)
+for details on the security disclosures and response policy.