README.md encourages adoption, but current security policy makes this problematic for orgs #597

@stevekap

Is your feature request related to a problem? Please describe.
The project README.md was recently updated to state that adoption of the argocd-agent is encouraged now that the project is approaching stability.

Unfortunately, whilst we'd love to start making use of the argocd-agent, the current security policy is a blocker to this in my organisation and likely others.

The security policy document states that the project is not ready for production use, in contrast to the project README, which used to repeat this message but does no longer.

Specifically, the lack of the following items is preventing us from making use of argocd-agent:

  • A responsible security vulnerability disclosure process
  • Issuance of CVEs and security advisories for discovered and fixed security issues

Describe the solution you'd like
I appreciate that it is no small ask, but it would be fantastic if the project would consider adopting a security policy with a responsible disclosure process and issuance of CVEs and security advisories for security issues. I expect that this would help enable adoption of argocd-agent in more organisations.

Describe alternatives you've considered
None.

Additional context
While the argocd-agent project looks extremely promising, sadly we are unable to make any headway with adoption of the project in my organisation until a more mature security policy is in place.

Labels: enhancement (New feature or request)
