From 55cb9a5592570f7086aa5b09048fb40b8c87fdd1 Mon Sep 17 00:00:00 2001
From: Al Snow <43523+jasnow@users.noreply.github.com>
Date: Wed, 3 Jun 2026 14:35:16 -0400
Subject: [PATCH 1/2] Added CVE policy to README.md file

---
 README.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/README.md b/README.md
index 33e9b91e42..a5d34ac799 100644
--- a/README.md
+++ b/README.md
@@ -207,6 +207,14 @@ patched_versions:
 # General Contributing Guidelines
  * Advisory filename prefix naming preferance is:
    * 1st choice: CVE, then GHSA, then OSVDB.
+     - For post-2016 advisories, use only "published" CVEs which are
+       found at one of these web sites:
+       - https://nvd.nist.gov/vuln/search
+       - https://www.cve.org/CVERecord
+       - https://www.cvedetails.com/index.php
+       - https://cve.report
+     This CVE can be used in the primary "url:", "cve:", and
+     "related:"/"url:" fields.
    * Advisory filename (without suffix) should be equal to root `url:` field value.
  * Try to keep all text within 80 columns.
  * Run yamlint [`yamllint` tool](https://yamllint.readthedocs.io/en/stable/quickstart.html] to check yaml format. It find no issues.

From efeffd168e36d899f89f8528312d3dab93dd710b Mon Sep 17 00:00:00 2001
From: Al Snow <43523+jasnow@users.noreply.github.com>
Date: Wed, 3 Jun 2026 14:36:49 -0400
Subject: [PATCH 2/2] combined two lines

Removed duplicate line about CVE usage in fields.
---
 README.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/README.md b/README.md
index a5d34ac799..25bd630fa2 100644
--- a/README.md
+++ b/README.md
@@ -213,8 +213,7 @@ patched_versions:
        - https://www.cve.org/CVERecord
        - https://www.cvedetails.com/index.php
        - https://cve.report
-     This CVE can be used in the primary "url:", "cve:", and
-     "related:"/"url:" fields.
+     This CVE can be used in the primary "url:", "cve:", and "related:"/"url:" fields.
    * Advisory filename (without suffix) should be equal to root `url:` field value.
  * Try to keep all text within 80 columns.
  * Run yamlint [`yamllint` tool](https://yamllint.readthedocs.io/en/stable/quickstart.html] to check yaml format. It find no issues.