website: add security disclosure page

website/source/layouts/_footer.erb

@@ -4,8 +4,9 @@
 				<div class="col-md-offset-1 col-md-5 col-sm-6 col-xs-12">
 					<ul class="footer-links nav navbar-nav">
 						<li class="li-under"><a href="/intro/index.html">Intro</a></li>
-						<li class="active li-under"><a href="/docs/index.html">Docs</a></li>
-		        		<li class="li-under"><a href="/community.html">Community</a></li>
+						<li class="li-under"><a href="/docs/index.html">Docs</a></li>
+						<li class="li-under"><a href="/community.html">Community</a></li>
+						<li class="li-under"><a href="/security.html">Security</a></li>
 					</ul>
 				</div>
 				<div class="footer-hashi col-md-5 col-sm-6 col-xs-12">

website/source/security.html.erb

@@ -0,0 +1,27 @@
+---
+layout: "inner"
+page_title: "Security"
+description: |-
+  Vault takes security very seriously. Please responsibly disclose any security vulnerabilities found and we'll handle it quickly.
+---
+
+<h1>Security</h1>
+
+<p>
+We understand that many users place a high level of trust in HashiCorp and
+the tools we build. We apply best practices and focus on security to make
+sure we can maintain the trust of the community.
+</p>
+<p>
+We deeply appreciate any effort to disclose vulnerabilities responsibly.
+</p>
+<p>
+If you would like to report a vulnerability, please see the
+<a href="https://www.hashicorp.com/security.html">HashiCorp security page</a>,
+which has the proper email to communicate with as well as our PGP key.
+</p>
+<p>
+If you aren't reporting a security sensitive vulnerability, please
+open an issue on the standard <a href="https://github.com/hashicorp/vault">GitHub</a>
+repository.
+</p>