Link to responsible disclosure guidelines in Security-Policy remediation doc (#1545)

* refer to repsonsible disclosure guidelines

* typo

Author: laurentsimon

docs/checks.md

@@ -517,7 +517,7 @@ information about a bug is not publicly visible.
 
 **Remediation steps**
 - Place a security policy file `SECURITY.md` in the root directory of your repository. This makes it easily discoverable by a vulnerability reporter.
-- The file should contain information on what constitutes a vulnerability and a way to report it securely (e.g. issue tracker with private issue support, encrypted email with a published public key).
+- The file should contain information on what constitutes a vulnerability and a way to report it securely, e.g., an issue tracker with private issue support, encrypted email with a published public key. Follow the [coordinated vulnerability disclosure guidelines](https://github.com/ossf/oss-vulnerability-guide/blob/main/guide.md) to respond to vulnerability disclosures.
 - For GitHub, see more information [here](https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository).
 
 ## Signed-Releases 

docs/checks/internal/checks.yaml

@@ -551,7 +551,9 @@ checks:
       - >-
         The file should contain information on what constitutes a vulnerability
         and a way to report it securely (e.g. issue tracker with private issue
-        support, encrypted email with a published public key).
+        support, encrypted email with a published public key). Follow the 
+        [coordinated vulnerability disclosure guidelines](https://github.com/ossf/oss-vulnerability-guide/blob/main/guide.md)
+        to respond to vulnerability disclosures.
       - >-
         For GitHub, see more information
         [here](https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository).