docs: add templates for advanced disclosure and security release emails in runbook (#4529)

lum1n0us · web-flow · commit a4f307718686 · 2025-08-11T15:09:13.000+08:00
diff --git a/doc/security_issue_runbook.md b/doc/security_issue_runbook.md
@@ -25,6 +25,16 @@ For information on what types of issues are considered security vulnerabilities
 - Request CVE: Use the Big Green Button on the advisory to request a CVE number from GitHub staff.
 - Advanced Disclosure Email: Decide on a disclosure date, typically within a week, and send an email to sec-announce@bytecodealliance.org about the upcoming security release. Other ways are also available to communicate the disclosure date.
 
+``` markdown
+> A template for the advanced disclosure email
+
+The Wamr project would like to announce a forthcoming security release.
+
+The release will be made available on approximately YYYY-MM-DD. Additionally, an advisory will be made available on the same date at https://github.com/advisories.
+
+The highest severity issue fixed in this release is classified as XXX based on the CVSS classification scheme.
+```
+
 ## Step 5: Preparing and Testing Patch Releases
 
 - Prepare PRs for Patch Releases: Create pull requests in the private fork for each version being patched. Ensure each PR is ready to apply cleanly and includes release notes for each release branch.
@@ -38,6 +48,16 @@ For information on what types of issues are considered security vulnerabilities
 - Publish GitHub Advisories: Delete the private forks and use the Big Green Button to publish the advisory.
 - Send Security Release Email: Send a follow-up email to sec-announce@bytecodealliance.org describing the security release. Other communication channels can also be used to inform users about the security release.
 
+```markdown
+> A template for the security release email
+
+[Updated YYYY-MM-DD] Security release available.
+
+WAMR release version X.Y.Z is now available. The binary release can be found on GitHub at https://github.com/bytecodealliance/wasm-micro-runtime/releases/tag/WAMR-Y.Y.Z. This release addresses the following security issues rated XXX: https://the link of the advisory
+
+We’ll be conducting a full review of our security practices to ensure ample notification is provided for future security releases.
+```
+
 By following these steps, you can effectively manage and resolve security issues for your open source project, ensuring timely communication and collaboration while maintaining the integrity and security of your software.
 
 ## References
