Notes on reporting security issues. (#253)

* Notes on reporting security issues.
* Fix heading level
* added some missing slashes
:)

Co-authored-by: Christoph John <[email protected]>

Author: philipwhiuk

README.md

@@ -26,6 +26,15 @@ For asking questions please use the mailing list: https://lists.sourceforge.net/
 ## issues
 Please report issues here: https://github.com/quickfix-j/quickfixj/issues
 
+## security
+QuickFIX/J welcomes and appreciates responsible disclosure. Contributors are given appropriate credit in release notes and Git logs.
+
+For security issues in QuickFIX/J itself contact the project maintainer: christoph.john-at-macd.com
+
+For security issues in libraries used by QuickFIX/J contact the relevant project team (e.g. for Apache MINA: https://www.apache.org/security/ ). If you feel they are particularly exploitable via QuickFIX/J also feel free to follow up with the project maintainer as above so that we upgrade to the new version in a timely fashion.
+
+Once a security issue is fixed in QuickFIX/J it will be communicated via the user mailing list and other appropriate channels.
+
 ## contributions
 Pull requests are always welcome! Best is if you added a unit test to show that a certain bug has been fixed or a new feature works as expected.