Improve security section of release notes

In order to provide users with more details on project's state in
terms of security let's divide the security release notes into three
sections:

- Fixed Security Issues
  Contains a list of security fixes merged during this
  release (especially those reported via OJSI tickets).

- Known Security Issues
  Contains a list of vulnerabilities detected in project during
  release which have not been fixed yet and thus should be mitigated
  by the user.

- Known Vulnerabilities in Used Modules
  Contains information about NexusIQ scan results

Issue-ID: SECCOM-238
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I8bbac2b7e7126369e30da218b69cdc3744d3c0c5

diff --git a/docs/templates/sections/release-notes.rst b/docs/templates/sections/release-notes.rst
index 9b6688c..df61760 100644 (file)
--- a/docs/templates/sections/release-notes.rst
+++ b/docs/templates/sections/release-notes.rst
@@ -6,11 +6,11 @@ Release Notes
 =============
 
 .. note::
-       * This Release Notes must be updated each time the team decides to Release new artifacts.
-       * The scope of this Release Notes is for this particular component. In other words, each ONAP component has its Release Notes.
-       * This Release Notes is cumulative, the most recently Released artifact is made visible in the top of this Release Notes.
-       * Except the date and the version number, all the other sections are optional but there must be at least one section describing the purpose of this new release.
-       * This note must be removed after content has been added.
+        * This Release Notes must be updated each time the team decides to Release new artifacts.
+        * The scope of this Release Notes is for this particular component. In other words, each ONAP component has its Release Notes.
+        * This Release Notes is cumulative, the most recently Released artifact is made visible in the top of this Release Notes.
+        * Except the date and the version number, all the other sections are optional but there must be at least one section describing the purpose of this new release.
+        * This note must be removed after content has been added.
 
 
 Version: x.y.z
@@ -26,18 +26,28 @@ Version: x.y.z
 One or two sentences explaining the purpose of this Release.
 
 **Bug Fixes**
-       - `CIMAN-65 <https://jira.onap.org/browse/CIMAN-65>`_ and a sentence explaining what this defect is addressing.
+        - `CIMAN-65 <https://jira.onap.org/browse/CIMAN-65>`_ and a sentence explaining what this defect is addressing.
 **Known Issues**
-       - `CIMAN-65 <https://jira.onap.org/browse/CIMAN-65>`_ and two, three sentences.
-         One sentences explaining what is the issue.
-         
-         Another sentence explaining the impact of the issue.
-         
-         And an optional sentence providing a workaround.
+        - `CIMAN-65 <https://jira.onap.org/browse/CIMAN-65>`_ and two, three sentences.
+          One sentences explaining what is the issue.
 
-**Security Issues**
-       You may want to include a reference to CVE (Common Vulnerabilities and Exposures) `CVE <https://cve.mitre.org>`_
+          Another sentence explaining the impact of the issue.
 
+          And an optional sentence providing a workaround.
+
+**Security Notes**
+
+*Fixed Security Issues*
+
+        List of security issues fixed in this release including CVEs and OJSI tickets.
+
+*Known Security Issues*
+
+        List of new security issues that are left unfixed in this release including CVEs and OJSI tickets.
+
+*Known Vulnerabilities in Used Modules*
+
+        Results of know vulnerabilities analysis in used modules.
 
 **Upgrade Notes**