Add a section and page on vulnerability management

Prepare to import vulnerability management process from wiki and
create a short section on the process and referenca a place-holder
page where the process will be imported.

Issue-ID: SECCOM-246
Change-Id: I796e085a8f0e098f69ca0f9cc0f97fb90fffe23e
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>

2 files changed, 24 insertions, 0 deletions

diff --git a/docs/index.rst b/docs/index.rst
index db3a876..a516e33 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -9,10 +9,21 @@ ONAP Security
 
 .. toctree::
    :maxdepth: 1
+   :hidden:
 
+   ONAP Security <self>
+   process
+
+Reporting Vulnerabilities
+-------------------------
+
+If you discovered a potential vulnerability in ONAP we kindly ask you to report it to us as soon as possible.
+You can do this by creating a ticket in `OJSI jira <https://jira.onap.org/projects/OJSI>`_ project.
+To get more details about our vulnerability management process or learn about alternative communication channels please refer to :ref:`vm-process`.
 
 ONAP Security Advisories (OSA)
 ------------------------------
+
 You can find the complete list of published advisories here:
 
 .. toctree::
diff --git a/docs/process.rst b/docs/process.rst
new file mode 100644
index 0000000..84586ad
--- /dev/null
+++ b/docs/process.rst
@@ -0,0 +1,13 @@
+.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. http://creativecommons.org/licenses/by/4.0
+.. Strongly based on Open Stack Vulnerability Management Process
+.. which is copyrighted to OpenStack Foundation
+.. Copyright 2019 Samsung Electronics
+.. _vm-process:
+
+=============================
+ONAP Vulnerability Management
+=============================
+
+.. toctree::
+   :maxdepth: 1