From 100f9f2682d021185bb8917360dcc2efaed74926 Mon Sep 17 00:00:00 2001 From: Ben Cotton Date: Thu, 16 Jan 2025 12:27:23 -0500 Subject: [PATCH] Add rationale for OSPS-VM-05 Signed-off-by: Ben Cotton --- baseline/OSPS-VM.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/baseline/OSPS-VM.yaml b/baseline/OSPS-VM.yaml index c72092b..9472c84 100644 --- a/baseline/OSPS-VM.yaml +++ b/baseline/OSPS-VM.yaml @@ -101,7 +101,11 @@ criteria: The project publishes contacts and process for reporting vulnerabilities. rationale: | - # TODO + Reports from researchers and users are an important source for + identifying vulnerabilities in a project. People with + vulnerabilities to report should have a clear understanding of + the process so that they can quickly submit the report to the + project. details: | Create a security.md (or similarly-named) file that contains security contacts for the project and provide project's
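Review bot: The new text under `rationale: |` justifies only the reporting process, while the criterion line directly above it requires that the project publish "contacts and process". Consider adding a clause on why published contacts matter, for example that a reporter needs to know who receives the report, so the rationale covers both halves of the criterion. As a wording point in the same block, "People with vulnerabilities to report" is slightly awkward; "People who have a vulnerability to report" reads more clearly.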