Currently the [security tab](https://github.com/openjdk/jdk/security) on the GitHub repos is empty with no clear information or links on where to report security vulnerabilities.
<img width="1278" alt="Screenshot 2024-09-24 at 14 28 37" src="https://github.com/user-attachments/assets/4fd68f9f-46d8-4c06-ad71-52747c8f5cf2";> I've made an exact copy of https://openjdk.org/groups/vulnerability/report which hasn't changed since 2019 so is unlikely to require regular updating. The other option is that we simply provide a link in the security file to this policy on the website? I'm happy with either approach. ------------- Commit messages: - 8340815: Add SECURITY.md file Changes: https://git.openjdk.org/jdk/pull/21155/files Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=21155&range=00 Issue: https://bugs.openjdk.org/browse/JDK-8340815 Stats: 19 lines in 1 file changed: 19 ins; 0 del; 0 mod Patch: https://git.openjdk.org/jdk/pull/21155.diff Fetch: git fetch https://git.openjdk.org/jdk.git pull/21155/head:pull/21155 PR: https://git.openjdk.org/jdk/pull/21155
