...
A public page must be made available detailing the ONAP vulnerability procedures, and providing a single point of contact for contacting the ONAP vulnerability sub-committee. This should be a private email list (security@listsonap-security@lists.onap.org) that only members of the ONAP vulnerability sub-committee have access to.
...