Create security policy (#893)

* Add security policy

* Update SECURITY.md

Replace invalid email address

* Update SECURITY.md

Add missing space

* Update CONTRIBUTING.md

Clarify add maintainer description.

Author: sliverc

SECURITY.md

@@ -0,0 +1,9 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you believe you've found something in Django REST Framework JSON API which has security implications, please **do not raise the issue in a public forum**.
+
+Send a description of the issue via email to [[email protected]][security-mail]. The project maintainers will then work with you to resolve any issues where required, prior to any public disclosure.
+
+[security-mail]: mailto:[email protected]

docs/CONTRIBUTING.md

@@ -52,9 +52,21 @@ To setup pre-commit hooks first create a testing environment as explained above
 
 ## For maintainers
 
+### Create release
+
 To upload a release (using version 1.2.3 as the example) first setup testing environment as above before running below commands:
 
     python setup.py sdist bdist_wheel
     twine upload dist/*
     git tag -a v1.2.3 -m 'Release 1.2.3'
     git push --tags
+
+
+### Add maintainer
+
+In case a new maintainer joins our team we need to consider to what of following services we want to add them too:
+
+* [Github organization](https://github.com/django-json-api)
+* [Read the Docs project](https://django-rest-framework-json-api.readthedocs.io/)
+* [PyPi project](https://pypi.org/project/djangorestframework-jsonapi/)
+* [Google Groups security mailing list](https://groups.google.com/g/rest-framework-jsonapi-security)