Add some minimal guideline about GHSA (#347)

vks · web-flow · commit ee840d4a4ded · 2020-08-01T11:43:50.000-07:00
Fixes #345.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -19,6 +19,9 @@ Feel free to do either or both of these as you see fit (we recommend you do both
 
 4. [Yank] the affected versions of the crate.
 5. Request a CVE for your vulnerability: https://iwantacve.org/
+   Alternatively, you can create a GitHub Security Advisory (GHSA) and let them request
+   a CVE for you. In this case, you can add the GHSA ID to the RustSec advisory via the
+   `aliases` field.
 
 ## Criteria
 
