DOCS-15078: Updates to the vulnerability report page (#836) (#906)

* DOCS-15078: Testing out the link markup

* DOCS-15078: Removed outdated information

* DOCS-15078: Minor tweak

* DOCS-15078: Fix list formatting

* DOCS-15078: Incorporate feedback

* DOCS-15078: Minor wordsmith

Co-authored-by: Sarah Olson <[email protected]>

Co-authored-by: Sarah Olson <[email protected]>

Author: sarah-olson-mongodb

source/tutorial/create-a-vulnerability-report.txt

@@ -12,62 +12,20 @@ Create a Vulnerability Report
 
 If you believe you have discovered a vulnerability in MongoDB products
 or have experienced a security incident related to MongoDB products,
-please report the issue to aid in its resolution.
+please report the issue to aid in its resolution. For more information on 
+vulnerability reports, see the following resources:
 
-To report an issue, we strongly suggest filing a ticket in the
-:issue:`SECURITY <SECURITY>` project in JIRA.  MongoDB, Inc
-responds to vulnerability notifications within 48 hours.
-
-Create the Report in JIRA
--------------------------
-
-`Submit a Ticket
-<https://jira.mongodb.org/secure/CreateIssue!default.jspa?project-field=%22Security%22>`_
-in the :issue:`Security <SECURITY>` project on our JIRA.
-The ticket number will become the reference identification for the
-issue for its lifetime. You can use this identifier for tracking
-purposes.
-
-Information to Provide
-----------------------
-
-All vulnerability reports should contain as much information
-as possible so MongoDB's developers can move quickly to resolve the issue.
-In particular, please include the following:
-
-- The name of the product.
-
-- *Common Vulnerability* information, if applicable, including:
-
-- CVSS (Common Vulnerability Scoring System) Score.
-
-- CVE (Common Vulnerability and Exposures) Identifier.
-- Contact information, including an email address and/or phone number,
-  if applicable.
-
-
-Send the Report via Email
--------------------------
-
-While JIRA is the preferred reporting method, you may also report
-vulnerabilities via email to `[email protected]
-<[email protected]>`_.
-
-You may encrypt email using MongoDB's public key at
-`https://docs.mongodb.com/10gen-security-gpg-key.asc <https://docs.mongodb.com/10gen-security-gpg-key.asc>`_.
-
-MongoDB, Inc. responds to vulnerability reports sent via
-email with a response email that contains a reference number for a JIRA ticket
-posted to the :issue:`SECURITY` project.
+* `MongoDB Security information <https://www.mongodb.com/security>`__ on our website 
+* `Webform <https://www.mongodb.com/bug-submission-form>`__ for vulnerability report submission
 
 Evaluation of a Vulnerability Report
 ------------------------------------
 
-MongoDB, Inc. validates all submitted vulnerabilities and uses Jira
-to track all communications regarding a vulnerability,
-including requests for clarification or additional information. If
-needed, MongoDB representatives set up a conference call to exchange
-information regarding the vulnerability.
+MongoDB, Inc. validates all submitted vulnerabilities through internal 
+investigation. If needed, MongoDB representatives will reach out to the 
+reporter for further information and to provide the results of the 
+investigation. Please allow MongoDB representatives up to one week to 
+acknowledge submissions.
 
 Disclosure
 ----------