first pass at security docs

Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
Riyaz Faizullabhoy
2017-03-30 13:25:47 -07:00
parent 317e48b9dd
commit 52fa33d6d1
3 changed files with 101 additions and 7 deletions

@@ -68,18 +68,18 @@ The config is liable to be changed, and there are missing features; full documen
## Architecture
There is an [overview of the architecture](architecture/) covering how the system works.
There is an [overview of the architecture](docs/architecture.md) covering how the system works.
## Security design
There is an [overview of the security considerations and direction](docs/security.md) covering the security design of the system.
## Roadmap
This project was extensively reworked from the code we are shipping in Docker Editions, and the result is not yet production quality. The plan is to return to production
quality during Q2 2017, and rebase the Docker Editions on this open source project.
Security by default is a key aim. In the short term this means Moby uses modern kernels, best practise settings for the kernel from [KSPP](https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project)
and elsewhere, and a minimal and immutable base. It also means working to incorporate more security features into the kernel, including those in our [projects](projects/). In userspace, the core system components
are key to security, and we believe they should be written in type safe languages, such as Rust, Go and OCaml, and run with maximum privilege separation and isolation.
There is ongoing work to remove C components, and to improve, fuzz test and isolate the base daemons.
This is an open project without fixed judgements, open to the community to set the direction. The guiding principles are:
- Security informs design
- Infrastructure as code: immutable, manageable with code
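
Review bot: The Architecture link changes from the directory `architecture/` to the file `docs/architecture.md`, and the new Security design section links to `docs/security.md`, so please confirm that both files exist at those paths in this commit and that nothing else still points at `architecture/`. The `[projects](projects/)` link in the "Security by default is a key aim" paragraph is still directory-style; if that paragraph is moving into the new security doc, its relative links (`projects/` and the KSPP URL) need to be carried over and re-based for a file under `docs/`, and if it stays in the README it would be worth ending it with a pointer to `docs/security.md` so the two descriptions do not drift apart. Minor wording in the same paragraph: "best practise settings" reads better as "best-practice settings".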