[docsy] Recover missing security pages and create Security section (#96)

Author: chalin

content/en/docs/faq.md

@@ -1,7 +1,7 @@
 ---
 title: Frequently Asked Questions
 LinkTitle: FAQ
-weight: 45
+weight: 450
 description: Get your questions answered!
 aliases: [/faq]
 ---
@@ -138,8 +138,8 @@ in [TAP 4](https://github.com/theupdateframework/taps/blob/master/tap4.md).
 
 **12. Has there been a security audit of TUF?**
 
-The [Security Audits](docs/overview/security) page links to a few of the
-security audits of TUF.
+The [Security Audits](docs/security/) page links to a few of the security audits
+of TUF.
 
 **13. How can I try TUF?**
 

content/en/docs/get-started/_index.md

@@ -1,6 +1,6 @@
 ---
 title: Get started
-weight: 17
+weight: 200
 description: Get started with TUF based on your role.
 aliases: [/getting-started]
 ---

content/en/docs/get-started/adopter.md

@@ -2,11 +2,11 @@
 title: Adopter
 weight: 15
 description: Get started with TUF as an adopter.
+cSpell:ignore: RSTUF
 ---
 
-TUF provides a framework for integration of the
-[security](docs/overview/security) properties into new and existing content
-delivery systems.
+TUF provides a framework for integration of the [security](docs/security/)
+properties into new and existing content delivery systems.
 
 While some [adoptions](/community/adoptions/) integrate TUF by implementing the
 framework from scratch, others start from either a TUF implementation or from a

content/en/docs/history.md

@@ -1,6 +1,6 @@
 ---
 title: History
-weight: 18
+weight: 418
 description: Learn TUF history and core principles
 aliases: [/history]
 ---

content/en/docs/overview/_index.md

@@ -1,6 +1,6 @@
 ---
 title: Overview
-weight: 10
+weight: 100
 description: Find out what TUF is all about!
 aliases: [/overview]
 ---
@@ -80,8 +80,8 @@ account, such as when:
 - An attacker compromises the key used to sign these files. Now you download a
   file that is properly signed, but is still malicious.
 
-The [Security](docs/overview/security) section offers a full list of the attacks
-and updater weaknesses that TUF is designed to defend against.
+The [Security](docs/security/) section offers a full list of the attacks and
+updater weaknesses that TUF is designed to defend against.
 
 ### How does TUF secure updates?
 

content/en/docs/overview/security.md renamed to content/en/docs/security/_index.md

@@ -1,6 +1,6 @@
 ---
 title: Security
-weight: 35
+weight: 300
 description: Security properties of TUF repositories
 aliases: [/security]
 ---

content/en/docs/security/audits.md

@@ -0,0 +1,15 @@
+---
+title: Security audits
+linkTitle: Audits
+aliases: [/audits]
+---
+
+Selected publicly available audit reports:
+
+- [September 9, 2022 by X41](/audits/x41-python-tuf-audit-2022-09-09.pdf)
+- [August 7, 2018 by Cure53](https://github.com/theupdateframework/notary/blob/master/docs/resources/cure53_tuf_notary_audit_2018_08_07.pdf)
+  covering TUF and Notary
+- [October 18, 2017 by NCC](https://www.nccgroup.trust/globalassets/our-research/us/public-reports/2017/ncc-group-kolide-the-update-framework-security-assessment.pdf)
+  security assessment of TUF / Kolide.
+- [July 31, 2015 by NCC](https://github.com/theupdateframework/notary/blob/master/docs/resources/ncc_docker_notary_audit_2015_07_31.pdf)
+  covering TUF and Notary.

content/en/docs/security/reporting.md

@@ -0,0 +1,17 @@
+---
+title: Reporting issues
+aliases: [/reporting]
+---
+
+Security issues can be reported by emailing
+[[email protected]](mailto:[email protected]).
+
+If at all possible, please include the following information in the report:
+
+- Description of the vulnerability.
+- Steps to reproduce the issue.
+
+Optionally, emailed reports can be encrypted with PGP. Use this PGP key
+fingerprint:
+
+**E9C0 59EC 0D32 64FA B35F 94AD 465B F9F6 F8EB 475A**.

content/en/docs/timeline.md

@@ -1,6 +1,6 @@
 ---
 title: Timeline
-weight: 19
+weight: 419
 Description: See the project timeline
 aliases: [/timeline]
 ---