refactor(docs): refactor security section from COMPLIANCE.md into SECURITY.md

Author: amilcarlucas

COMPLIANCE.md

@@ -11,58 +11,58 @@ ArduPilot Methodic Configurator adheres to multiple compliance standards and bes
 - Translated into multiple languages
 - No visible menus, no hidden menus.
 
-## Code Quality
+## Coding Standards
 
+- Follows object-oriented design principles and [clean code practices](https://www.oreilly.com/library/view/clean-code/9780136083238/)
+  - [Backend, business logic, frontend (GUI) separation](ARCHITECTURE.md) for improved testability and maintainability
 - Follows [PEP 8](https://peps.python.org/pep-0008/) Python code style guidelines
+- Uses [PEP 484](https://peps.python.org/pep-0484/) [type hints](https://docs.python.org/3/library/typing.html)
+  - Enforces type checking with [MyPy](https://www.mypy-lang.org/) and [pyright](https://microsoft.github.io/pyright/#/) type checkers
+- Automated code formatting using [ruff](https://docs.astral.sh/ruff/) for consistency
+- Implements [PEP 621](https://peps.python.org/pep-0621/) project metadata standards
+- Adheres to [Keep a Changelog](https://keepachangelog.com/) format
+- Complies with [Python Packaging Authority](https://www.pypa.io/) guidelines
+
+## Code Quality
+
 - Maintains high code quality through automated linting (static code analysis), all using strict settings:
   - [Pylint](https://www.pylint.org/) [automated workflow](https://github.com/ArduPilot/MethodicConfigurator/actions/workflows/pylint.yml),
   - [Ruff](https://docs.astral.sh/ruff/) [automated workflow](https://github.com/ArduPilot/MethodicConfigurator/actions/workflows/ruff.yml),
   - [mypy](https://www.mypy-lang.org/) [automated workflow](https://github.com/ArduPilot/MethodicConfigurator/actions/workflows/mypy.yml) and
   - [pyright](https://microsoft.github.io/pyright/#/) [automated workflow](https://github.com/ArduPilot/MethodicConfigurator/actions/workflows/pyright.yml)
-- Uses [PEP 484](https://peps.python.org/pep-0484/) [type hints](https://docs.python.org/3/library/typing.html)
-  - Enforces type checking with [MyPy](https://www.mypy-lang.org/) and [pyright](https://microsoft.github.io/pyright/#/) type checkers
-- Automated code formatting using [ruff](https://docs.astral.sh/ruff/) for consistency
+- Implements comprehensive error handling and logging, with 5 verbosity levels
 - Code and documentation are [spell checked](https://streetsidesoftware.com/vscode-spell-checker/)
   and [english grammar checked](https://app.grammarly.com/)
   - [markdown-lint](https://github.com/DavidAnson/markdownlint-cli2)
   [automated workflow](https://github.com/ArduPilot/MethodicConfigurator/actions/workflows/markdown-lint.yml) and
   - [markdown-link-check](https://github.com/tcort/markdown-link-check) [automated workflow](https://github.com/ArduPilot/MethodicConfigurator/actions/workflows/markdown-link-check.yml)
-- Follows object-oriented design principles and [clean code practices](https://www.oreilly.com/library/view/clean-code/9780136083238/)
-- Implements comprehensive error handling and logging, with 5 verbosity levels
-- Implements [PEP 621](https://peps.python.org/pep-0621/) project metadata standards
-- Adheres to [Keep a Changelog](https://keepachangelog.com/) format
-- Complies with [Python Packaging Authority](https://www.pypa.io/) guidelines
 
 ## Software Development
 
 - Implements [continuous integration/continuous deployment](https://github.com/ArduPilot/MethodicConfigurator/actions) (CI/CD) practices
 - Maintains comprehensive [assertion-based test coverage](https://coveralls.io/github/ArduPilot/MethodicConfigurator?branch=master) through [pytest](https://docs.pytest.org/en/stable/)
-- Uses [semantic versioning](https://semver.org/) for releases
+- Follows [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/) and uses [semantic versioning](https://semver.org/) for releases
 - Follows [git-flow branching model](https://www.gitkraken.com/learn/git/git-flow)
-- Implements [automated security scanning and vulnerability checks](https://app.snyk.io/org/amilcarlucas/project/c8fd6e29-715b-4949-b828-64eff84f5fe1)
 - Implements [git pre-commit hooks](https://pre-commit.com/) to ensure code quality and compliance on every commit
-- Implements reproducible builds with locked dependencies
 - Uses containerized CI/CD environments for consistency
-- Uses automated changelog generation
+- Uses [automated](https://github.com/ArduPilot/MethodicConfigurator/actions/workflows/windows_build.yml) [changelog generation](https://github.com/ArduPilot/MethodicConfigurator/releases)
+- Implements reproducible builds with [pinned software dependencies](https://www.kusari.dev/blog/pinning-dependencies)
 - Implements automated dependency updates and security patches using [renovate](https://www.mend.io/renovate/) and [dependabot](https://github.com/dependabot)
 
 ## Open Source
 
 - Complies with [OpenSSF Best Practices](https://www.bestpractices.dev/projects/9101) for open source projects
 - Uses [REUSE specification](https://reuse.software/spec-3.3/) for license compliance
-  - Uses CI job to ensure compliance
+  - Uses [CI job to ensure compliance](https://github.com/ArduPilot/MethodicConfigurator/actions/workflows/reuse.yml)
   - Uses [SPDX license identifiers](https://spdx.org/licenses/)
 - Maintains comprehensive (more than 5000 lines) documentation
 - Implements [inclusive community guidelines](https://github.com/ArduPilot/MethodicConfigurator/blob/master/CODE_OF_CONDUCT.md)
 - Provides [clear contribution procedures](https://github.com/ArduPilot/MethodicConfigurator/blob/master/CONTRIBUTING.md)
 
 ## Security
 
-- Regular security audits through [Snyk](https://snyk.io/), [codacy](https://www.codacy.com/), [black duck](https://www.blackduck.com/) and other tools
-- Follows [OpenSSF Security Scorecard](https://securityscorecards.dev/) best practices
-- Uses [gitleaks](https://github.com/gitleaks/gitleaks) pre-commit hook to ensure no secrets are leaked
-- Implements secure coding practices, runs [anti-virus in CI](https://github.com/ArduPilot/MethodicConfigurator/actions/workflows/gitavscan.yml)
-- Maintains [security policy and vulnerability reporting process](https://github.com/ArduPilot/MethodicConfigurator/blob/master/SECURITY.md)
+See our comprehensive [Security Policy](https://ardupilot.github.io/MethodicConfigurator/SECURITY) for details on security measures,
+audits, and vulnerability reporting processes.
 
 <!-- Gurubase Widget -->
 <script async src="https://widget.gurubase.io/widget.latest.min.js"

CONTRIBUTING.md

@@ -20,7 +20,7 @@ Read [our architecture](https://ardupilot.github.io/MethodicConfigurator/ARCHITE
 and also:
 
 * [System requirements](https://ardupilot.github.io/MethodicConfigurator/SYSTEM_REQUIREMENTS.html)
-* [Compliance](https://ardupilot.github.io/MethodicConfigurator/COMPLIANCE.html)
+* [Compliance](https://ardupilot.github.io/MethodicConfigurator/COMPLIANCE.html), including our [Coding Standards](https://ardupilot.github.io/MethodicConfigurator/COMPLIANCE.html#coding-standards)
 
 ## Setting up developer environment
 

GOVERNANCE.md

@@ -14,12 +14,12 @@ regarding the project's direction, code changes, and dispute resolution.
 **Responsibilities**:
 
 - Make final decisions on all project aspects including code changes, feature priorities,
-  release schedules, and community policies
-- Review and merge pull requests
+  [release schedules](https://ardupilot.github.io/MethodicConfigurator/ROADMAP), and [community policies](https://github.com/ArduPilot/MethodicConfigurator/blob/master/CODE_OF_CONDUCT.md)
+- Review and merge [pull requests](https://github.com/ArduPilot/MethodicConfigurator/pulls)
 - Maintain project infrastructure and security
 - Resolve disputes and conflicts within the project
-- Set project vision and roadmap
-- Ensure compliance with licensing and legal requirements
+- Set [project vision and roadmap](https://ardupilot.github.io/MethodicConfigurator/ROADMAP)
+- Ensure [compliance](https://ardupilot.github.io/MethodicConfigurator/COMPLIANCE) with licensing and legal requirements
 - Represent the project in external communications
 
 ### Contributors
@@ -32,7 +32,7 @@ regarding the project's direction, code changes, and dispute resolution.
 - Submit well-tested and documented code changes via [GitHub pull requests](https://github.com/ArduPilot/MethodicConfigurator/pulls)
 - Participate in code reviews when requested
 - Respect [community guidelines](https://github.com/ArduPilot/MethodicConfigurator/blob/master/CODE_OF_CONDUCT.md) and maintain professional conduct
-- Keep contributions aligned with project goals and [standards](https://ardupilot.github.io/MethodicConfigurator/COMPLIANCE)
+- Keep contributions aligned with [project goals](https://ardupilot.github.io/MethodicConfigurator/ROADMAP) and [standards](https://ardupilot.github.io/MethodicConfigurator/COMPLIANCE)
 - Respond to feedback on their contributions
 
 ### Community Members

SECURITY.md

@@ -48,7 +48,10 @@ We adhere to industry standards and best practices as documented in our
 
 - Secure coding practices
 - License compliance verification
-- Regular security audits
+- Regular security audits through [Snyk](https://snyk.io/), [Codacy](https://www.codacy.com/),
+  [Black Duck](https://www.blackduck.com/) and other tools
+- Uses [gitleaks](https://github.com/gitleaks/gitleaks) pre-commit hook to ensure no secrets are leaked
+- Implements [automated security scanning and vulnerability checks](https://app.snyk.io/org/amilcarlucas/project/c8fd6e29-715b-4949-b828-64eff84f5fe1)
 - Open-source security guidelines
 
 ### What Users Can Expect