Create SECURITY.md (facebook#1130)

Summary:
Thanks for proposing a pull request!

To help us review the request, please complete the following:

- [x] sign [contributor license agreement](https://developers.facebook.com/opensource/cla)
- [x] I've ensured that all existing tests pass and added tests (when/where necessary)
- [x] I've updated the documentation (when/where necessary) and [Changelog](CHANGELOG.md) (when/where necessary)
- [x] I've added the proper label to this pull request (e.g. `bug` for bug fixes)

## Pull Request Details

Adding security policy.
Pull Request resolved: facebook#1130

Test Plan: N/A

Reviewed By: Mxiim

Differential Revision: D18599035

Pulled By: joesus

fbshipit-source-id: 33d677b3a65e3fab43782fdd30951617b1099bcb

Author: joesus

README.md

@@ -57,6 +57,10 @@ or open an issue in this repository.
 
 See the [LICENSE](LICENSE) file.
 
+## Security Policy
+
+See the [SECURITY POLICY](SECURITY) for more info on our bug bounty program.
+
 ## DEVELOPER TERMS
 
 - By enabling Facebook integrations, including through this SDK, you can share information with Facebook, including

SECURITY.md

@@ -0,0 +1,7 @@
+# Security Policy
+
+Please do not open GitHub issues or pull requests - this makes the problem immediately visible to everyone, including malicious actors. Security issues in the SDK can be safely reported via Facebook's Whitehat Bug Bounty program:
+
+[facebook.com/whitehat](https://www.facebook.com/whitehat)
+
+Facebook's security team will triage your report and determine whether or not is it eligible for a bounty under our program.