Update security info

Author: dr8co

CONTRIBUTING.md

@@ -8,6 +8,8 @@ to help and details about how this project handles them. Please make sure to rea
 your contribution. It will make it a lot easier for us maintainers and smooth out the experience for all involved. The
 community looks forward to your contributions. 🎉
 
+For security issues, please follow the instructions in the [Security](./SECURITY.md) section.
+
 > And if you like the project, but just don't have time to contribute, that's fine. There are other easy ways to support
 > the project and show your appreciation, which we would also be very happy about:
 >
@@ -90,7 +92,7 @@ following steps in advance to help us fix any potential bug as fast as possible.
 #### How Do I Submit a Good Bug Report?
 
 > You must never report security related issues, vulnerabilities or bugs including sensitive information to the issue
-> tracker, or elsewhere in public. Instead sensitive bugs must be sent by email to <dr8co@duck.com>.
+> tracker, or elsewhere in public. Check the [Security](./SECURITY.md) section for more information.
 
 We use GitHub issues to track bugs and errors. If you run into an issue with the project:
 

README.md

@@ -458,13 +458,15 @@ sudo rpm -i privacyshield-3.0.0-1.x86_64.rpm # Replace with the actual file path
 ```
 
 The packages can be verified using the [GnuPG](https://gnupg.org/) signature files provided.
-To verify the packages, first import the public key from the releases page:
+To verify the packages, first import the [public GPG key](./security/privacyShield_pub_key.asc) provided:
 
 ```bash
 gpg --import public_gpg_key.asc
 ```
 
-Then verify the package using the signature file (which can be found on the releases page as well):
+The public key is provided in the [releases page](https://github.com/dr8co/PrivacyShield/releases) as well.
+Then verify the package using the signature file (which can also be found on the
+[releases page](https://github.com/dr8co/PrivacyShield/releases)):
 
 ```bash
 gpg --verify signatures/privacyshield_3.0.0_amd64.deb.sig privacyshield_3.0.0_amd64.deb

SECURITY.md

@@ -0,0 +1,29 @@
+# Security
+
+We take the security of Privacy Shield seriously.
+If you believe you have found a security vulnerability in the source code,
+please report it to us as described below.
+
+## Reporting Security Issues
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+Instead, please send an encrypted email to [dr8co@duck.com](mailto:dr8co@duck.com).
+Encrypt your message with our PGP key; it can be found [here](./security/privacyShield_pub_key.asc).
+
+Please include the requested information listed below (as much as you can provide)
+to help us better understand the nature and scope of the possible issue:
+
+* Type of issue (e.g., buffer overflow, SQL injection, cross-site scripting, etc.)
+* Full paths of source file(s) related to the manifestation of the issue
+* The location of the affected source code (tag/branch/commit or direct URL)
+* Any special configuration required to reproduce the issue
+* Step-by-step instructions to reproduce the issue
+* Proof-of-concept or exploit code (if possible)
+* Impact of the issue, including how an attacker might exploit the issue
+
+This information will help us triage your report more quickly.
+
+## Preferred Languages
+
+We prefer all communications to be in English.

security/privacyShield_pub_key.asc

@@ -0,0 +1,52 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGXUykUBEAD0nkmT6SgkJnlXTx2aEJ23bl87TZR3gW3v+uNQn5ISaUw1WJtE
+8XYYkibTBz88W8EeozXGfRn3UDs4g1UOvMcYlfibOxHUZm0MPrueJhFptaBs/x6h
+Y0zaODlX3ZpM3ISGu1o4mwLTOhHhP+15XkbT+b7Cbf1HFKplPyp8TS/s0cUfSq5f
+Thg8ngIbnkUp4S5cqKJMV3yyK0NyqYE8IJMNOMTot7szFA06phUp5XbOl+Jmhbr2
+I3YPWE/guFw0R4IX3klXOITLs5iJFkrLL5VbGseF0YQUkGVFTiTovuc8hcvmbS8x
+mU+lH0IkRnye1F9fogymhuiX8vL5Gf9C6gNr0mpWxaHtFAkVqmchhmWWRn3RGkHM
+6kdYrEj5yDrhwI8ZPVjh34XDQMg7pXIdiHZbTZMm/RA944VhdfjYs3VS/FZ3Oz9k
+Rf5M830x9ifG28dCMiVFhYn5jm4hOmh6KrfPxK7Muf2XFJP6DiBNAT07LDq/DeG8
+qk/VALH6vKElFADVsrn2QVq8LmapmYwMl9l2Bmb6isWsuu+RUGft3MvwygUfve5b
+9NQYITGGhmD/jH5IXiW/iU+6tIQx9UFaQTm9Plg4LChnVQpMqxp0YhX47QNZFyWB
+qJ+N47DTGcjDENQcXTidu4kgV0jf26y2MQ8N0GvufJXvA3NuHpcfJ1e7uwARAQAB
+tD9JYW4gRHVuY2FuIChTaWduaW5nIGtleSBmb3IgcGVyc29uYWwgcHJvamVjdHMp
+IDxkcjhjb0BkdWNrLmNvbT6JAk4EEwEKADgWIQRkiIHdBB6Z7skF/YG9mRSEoI6b
+xQUCZdTKRQIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRC9mRSEoI6bxXuU
+D/0eYT2v5b8E6Ws8rNh0hzglzC9BiZDG2NWoaz1O26ixXPdzymYFB1xvNFS4UONP
+1YDGGfFTBjhsseUwv11N6ZahwzGIkBnMUwH/Vbx2Rt4NTXkukfqeHaTM/jTPZUMn
+OzBcECaE9Buph18c05tlXGb60+40R4zB/uTPys5qzuVCs0Us4X5CIt7GHC/hwJiW
+hxEZyA/S0ardVyh1dQEpKV6PeWczwvfkqPBymsx5FLABC5N2epPq7OO6Uv/tMOfC
+UrM/7z1CEY/vmHcD+fpfsXK4Y4ixaUrs8BJQtmaYrVSH+wHlmlNumudI6VtPU7i1
+egTpJ4ViidqzzZLL075hGCEczsp3EqtBKpik+ZpHXHSpMYeuLvqz20PAP3jAYNHV
+k7vcv39mDsivf//GbfObQ43kKpWvfJ6lwb4EaopL8RLCFxGDrLM2bf1cb/WRULBw
+YAgiF7gfYpe4rPUlp1/xFkdH5lBZay1sFN8rVu0wPwung7czQHypNo0jYrvHiufD
+BDkr0sQznV6dKBY8uhMhkhiVhq2hast6I5rNkJSRx6ZpIROYVF5xnlAGaJ/C9SKK
+zInHVJRWW19RNDfVj9Ld9O6fgsnGTOiJDSmH1J6jbdNoqafNc1EyXnYT0Dl5rQ0f
+HDZMYssMgdIGIjh4gtNAuW/T8vE0rXl33+vwSvV7aJf1NLkCDQRl1MpFARAAv2hF
+AbLa0Q7YUQXVma6Dr72ML8bdF1q1xXC1vD+L7Aka+TFjzHmgeQxmDsP9LvAAkRAg
+K7XKLYJqT7nvHfr8g8flUiSImBRXHV7OBlVXiVmVJqKSMoFC6TOvGyrvlESDlBAB
+SZayNTihRZz/fIdiahZ+Iblwp3/9ZwufAqPsYlgfL51SLUZZnohw2jzDbNTToVsk
+W6qQKvjbDYOJk+/i4jNnmnoN3T39zRUqKiKudNHtspha424eRys6sBgTni4mSZ2b
+8FpWmC+ou7Ichkb4i0RU1sS+LgnwzP9yic9qEQDzhLcBqcFiSWJV1gwyzE+gbc3i
+KGAfXV6cIHpjA5ZrSoZyBIPsrDWHclWYJx7x4r39ddSORgOMCCtxiC57krjWh7oU
+a/KlWZR3MjeLI+ipVT0ltZeT9FArZzeSLXEqW2ENGPk1fWv0SgwPStyQla5244aZ
+BDaB3WUr4dVAdWWKEuxoPUQPwEVTgJKJ0/OtC2jPMbE9dFSBz1Iwh5+EuB7PLJTc
+PoTb4vMLkFmJntWJIytPDcUgFIpf0Cld8nXICFHUp085zJo182KBkQQWr05SG8p3
+5nNuzRE3V00CURrH/SSEa1D3wNlnOYS6klGYzmGLBlb8EoZusb+Lsrd+tLIzqTdV
+ciN+qUeEmPLCJEtRexaWVmbUfe7SGJH6VSB7JPEAEQEAAYkCNgQYAQoAIBYhBGSI
+gd0EHpnuyQX9gb2ZFISgjpvFBQJl1MpFAhsMAAoJEL2ZFISgjpvFEA8P/2DBEln/
+BGBhMyhGMTuLqSb7FqG3yJLD7YTlM2MTGOHinCroOxI3UlS6PQew9o4DkJHaLQw+
+ho4qcIol7wISnRHE5fYABcmbdPR3wSIT/KQRdSTVSOkQDFPFGOPRfKeCmKP4npB/
+x8LHcoJwG3ab/2axHNkJLWrJwFY6iYxpYIW364v+uSJJq22z3SJ8bmL0JJjr6JPK
+SU7Io4deRbnw7q0TNJqcgs4dzmIWaubaA1VdmYbZnq57F6WvTDVwz8vWT45sw4Sy
+RML3B2UPxnvHS8sJygnM2Vo+yijU1sYm3yYYAfB81AlbrjGyuGhISR7jnFgAtnuD
+HjpGXnDrYKcmjp+EpC88oJiIuuUD6E6AyIXGnXTs00fFCqhcXXwW6wRF7vzo47To
+eApHCc0y9A+3ZEfmkpdIsxXdcQNf65Eh0XOB4tEYtmm2hPgjJ3T+1iZRYfsr7dkV
+bE//dzBIom0VEr9I8vYlKsqlC0G98AplYvitS++4akCpYFuFXlcKlQErhSGL9qgo
+34xrQv//salNPGzDWbOpCDGUQ8DV01FFBkneZIlrz85rR63SPi7mp7SHIW6mGxuA
+ZSc8aL5X1m61d4uLTqYswRDJ1nE4ZT05Bk9bpDOzqbELBitU54oPCCNqWEAs+Usq
+dhCOLSVqS8XZKOgkOO54MKbmb3YZv5m46DfY
+=M91j
+-----END PGP PUBLIC KEY BLOCK-----