To whom it may concern:
My colleague and I are pursuing a research project in regards to the security of IoT Operating Systems. We have selected Riot OS as our focus for our project. We are hoping to ask for some helpful information in regards to the security policies and practices implemented in the standard opensource version of Riot OS, with the ultimate goal of contributing to the Riot OS community the results of our research and suggestions for improvement.
Thank you so much in advance for your time and consideration,
Dominic Massoni
Towson University
BS Combined Mathematics & Computer Science
Hi,
To whom it may concern:
This is a fairly good place to ask.
We are hoping to ask for some helpful information in regards to the
security policies and practices ...
Thanks for giving us a heads up 
I would suggest you take a look at the wiki where our processes are
documented.
https://github.com/RIOT-OS/RIOT/wiki/RIOT-Community-Processes
In case you are interested in the concrete technical measurements, our
the CI tests live here:
https://github.com/RIOT-OS/RIOT/tree/master/dist/tools
With that as a starting point, feel free to ask specific questions
here 
... implemented in the standard opensource version of Riot OS, ...
There is no other version.
... with the ultimate goal of contributing to the Riot OS community
the results of our research and suggestions for improvement.
So you assume there is room for improvement, eh? (just kidding)
Cheers,
Ludwig