Add cure53 security audit report (#1065)

* Add cure53 security report
Signed-off-by: Richard Hartmann <richih@richih.org>

* Improve formatting of navigation
Signed-off-by: Richard Hartmann <richih@richih.org>

* Work in feedback by @juliusv
Signed-off-by: Richard Hartmann <richih@richih.org>

* Work in feedback by @juliusv & @brian-brazil
Signed-off-by: Richard Hartmann <richih@richih.org>

* Work in feedback by @brian-brazil
Signed-off-by: Richard Hartmann <richih@richih.org>

* Take @julisuv feedback into account
Signed-off-by: Richard Hartmann <richih@richih.org>

* Remove audit description
Signed-off-by: lucperkins <lucperkins@gmail.com>

* Update PDF download URL
Signed-off-by: lucperkins <lucperkins@gmail.com>

content/docs/operating/security.md

@@ -107,7 +107,7 @@ If using a client-library-provided HTTP handler, it should not be possible for
 malicious requests that reach that handler to cause issues beyond those
 resulting from additional load and failed scrapes.
 
-## Authentication/Authorisation/Encryption
+## Authentication, Authorization, and Encryption
 
 Prometheus and its components do not provide any server-side
 authentication, authorisation or encryption. If you require this, it is
@@ -184,3 +184,11 @@ members of the Prometheus development team and the staff of those providers
 have access. If you are concerned about the exact provenance of your binaries,
 it is recommended to build them yourself rather than relying on the
 pre-built binaries provided by the project.
+
+## External audits
+
+[CNCF](https://cncf.io) sponsored an external security audit by
+[cure53](https://cure53.de) which ran from April 2018 to June 2018.
+
+For more details, please read the
+[final report of the audit](/assets/downloads/2018-06-11--cure53_security_audit.pdf).