SECURITY: Add a 'Security considerations' section

tgonzalezorlandoarm · tgonzalezorlandoarm · commit e8220a0a164b · 2024-03-13T17:09:31.000Z
Signed-off-by: Tomás González &lt;tomasagustin.gonzalezorlando@arm.com&gt;
diff --git a/SECURITY.md b/SECURITY.md
@@ -24,3 +24,13 @@ To report a vulnerability, please send an email to
 [cncf-parsec-maintainers@lists.cncf.io](mailto:cncf-parsec-maintainers@lists.cncf.io). We will
 promptly reply to your report and we will strive to keep you in the loop as we try to reach a
 resolution.
+
+# Security considerations for the use of the software
+
+The authvalue provided to the TPM to perform certain operations like creating Primary Keys is
+currently randomly generated by [getrandom](https://crates.io/crates/getrandom), which assumes
+"that the system always provides high-quality cryptographically secure random data, ideally backed
+by hardware entropy sources."
+
+The user of this software should take this into consideration when setting up their system and using
+this software.
