Add vulnerability disclosure policy

This is now required for CNAs in the CVE program at MITRE: https://cve.mitre.org/cve/cna/rules.html#section_2-3_record_management_rules
author: Florian Weimer <fw@deneb.enyo.de> 2020-05-04 20:57:30 +0200
committer: Laura Arjona Reina <larjona@debian.org> 2020-05-05 22:39:57 +0200
commit: 9fa3f904888bea56c4798e4cb9c2f1bce4578c0d (patch)
tree: 4b03de065fa730adf761fe106e7bd704d7036e56 /english/security/faq.wml
parent: 86c03d7f373483438661cc2da3886d638ad18a44 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/english/security/faq.wml b/english/security/faq.wml
index 1c5882ee924..a49b45bd334 100644
--- a/english/security/faq.wml
+++ b/english/security/faq.wml
@@ -365,6 +365,11 @@
    href="https://github.com/RedHatProductSecurity/CVE-HOWTO">\
    CVE OpenSource Request HOWTO</a>.</p>
 
+<toc-add-entry name=disclosure-policy>Does Debian have a vulnerability disclosure policy?</toc-add-entry>
+<p>A: Debian has published a <a href="disclosure-policy">vulnerability
+   disclosure policy</a> as part of its participation in the CVE
+   program.</a>
+
 <h1>Deprecated Debian security FAQ</h1>
 
 <toc-add-entry name=localremote>What does <q>local (remote)</q> mean?</toc-add-entry>
author	Florian Weimer <fw@deneb.enyo.de>	2020-05-04 20:57:30 +0200
committer	Laura Arjona Reina <larjona@debian.org>	2020-05-05 22:39:57 +0200
commit	9fa3f904888bea56c4798e4cb9c2f1bce4578c0d (patch)
tree	4b03de065fa730adf761fe106e7bd704d7036e56 /english/security/faq.wml
parent	86c03d7f373483438661cc2da3886d638ad18a44 (diff)