Create page for vulnerability reporting
This page should provide contact information and timelines for acknowledgment of receipt and status update timeline.
We can get inspiration from products with certification see https://www.csa.gov.sg/programmes/cybersecurity-labelling/product-list
example https://kylaconnect.com/vulnerability-disclosure-policy/
This should help meet the following mandatory requirements for Tier 1 defined by CSA Singapore's Cybersecurity Labeling Scheme
- 5.2-1:The manufacturer shall make a vulnerability disclosure policy publicly available. This policy shall include, at a minimum: contact information for the reporting of issues; and information on timelines for: 1)initial acknowledgment of receipt; and 2)status updates until the resolution of the reported issues.
Related to https://gitlab.nic.cz/turris/biz/singapore-certification/-/issues/1