Doc: update security policy and PR template

.github/pull_request_template.md

@@ -29,7 +29,8 @@ _Please detail how the changes were tested, including manual tests and any relev
 Here are some reminders and checklists before/when submitting your pull request, please check them:
 
 - [ ] Make sure your Pull Request has a clear title and commit message. You can take [git-commit](https://github.com/cloudberrydb/cloudberrydb/blob/main/.gitmessage) template as a reference.
-- [ ] Sign the Contributor License Agreement as prompted for your first-time contribution.
+- [ ] Sign the Contributor License Agreement as prompted for your first-time contribution(*One-time setup*).
+- [ ] Learn the [coding contribution guide](https://cloudberrydb.org/contribute/code), including our code conventions, workflow and more.
 - [ ] List your communication in the [GitHub Issues](https://github.com/cloudberrydb/cloudberrydb/issues) or [Discussions](https://github.com/orgs/cloudberrydb/discussions) (if has or needed).
 - [ ] Document changes.
 - [ ] Add tests for the change

SECURITY.md

@@ -44,6 +44,21 @@ For better collaboration, we hope you:
   Slack](https://github.com/cloudberrydb/cloudberrydb/issues/new/choose)
   instead.
 
+## Handling Process
+
+Here's an overview of the security issues handling process:
+
+* The reporter reports the security issues to the Cloudberry Database
+  team.
+* The Cloudberry Database team investigates the report and decides to
+  accept or reject the report. If our team rejects the report, the
+  team will explain why to the reporter. If we accept the report, our
+  team will work privately with the reporter to fix the security
+  issues.
+* Release the new version of the Cloudberry Database that includes the
+  fix.
+* Public the security issues.
+
 ## Preferred Languages
 
 We prefer all communications to be in English.