Add Testing Tools to the Security Policy #196

@ArielSAdamsNASA

Description

Is your feature request related to a problem? Please describe.
Users are unaware of how cFS is tested. By providing this information, transparency is provided to the community which promotes trust.

Also, when adding a new issue, there are three templates to choose from. One of the templates is Report a Security Vulnerability. When clicking this template, it redirects the user to the Security Policy, which states to use the Bug Report template. I think this is redundant and makes the user do extra unnecessary steps.

Describe the solution you'd like
The security policy should inform users what tools are being used to test cFS while being cautious of liability issues. To do so, we can state explicitly that our software does not provide liability under the Apache license. The security policy should inform users that they may view the LGTM results. The policy would state that the alerts from LGTM may not be accurate, since they cannot be dismissed.

For the template issue, an easy solution is to have the bug report state that this includes security vulnerabilities and get rid of the Report a Security Vulnerability template.

Describe alternatives you've considered
Another option is to allow the Report a Security Vulnerability template to redirect the user to the Security Policy, but change the policy to say something along the lines of emailing us for security vulnerabilities. Then we would have to define what is considered a security vulnerability, which I believe to be a vulnerability dealing with authorization, authentication, and encryption issues.

Additional context
References: https://github.com/thanos-io/thanos/security/policy

Requester Info
Ariel Adams, ASRC Federal
