*** empty log message ***
diff --git a/_projectCommon.php b/_projectCommon.php
new file mode 100755
index 0000000..f1efa28
--- /dev/null
+++ b/_projectCommon.php
@@ -0,0 +1,24 @@
+<?php
+/*******************************************************************************
+ * Copyright (c) 2011 Eclipse Foundation and others.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ *    Wayne Beaton (Eclipse Foundation)- initial API and implementation
+ *******************************************************************************/
+$theme = "Nova";
+$App->Promotion = TRUE;
+
+$App->AddExtraHtmlHeader("<style>#midcolumn {background-image:url(/images/draft.gif);background-size:100%}</style>");
+
+$Nav->addNavSeparator("Security", 'index.php');
+$Nav->addCustomNav("Email the Security Team", "mailto:security@eclipse.org", "_self", 2);
+$Nav->addCustomNav("Policy", "policy.php", "_self", 2);
+$Nav->addCustomNav("Known Vulnerabilities", "known.php", "_self", 2);
+$Nav->addNavSeparator("Projects", "/projects");
+$Nav->addCustomNav("List of Projects", "/projects/listofprojects.php", "_self", 2);
+$Nav->addCustomNav("Project Tools", "/projects/tools", "_self", 2);
+?>
\ No newline at end of file
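Review bot: `$theme = "Nova";` is assigned here, but each page in this commit passes the literal `'Nova'` to `generatePage()`, so as far as this diff shows the variable is never read and the theme name is repeated in every page. Either have the pages call `$App->generatePage($theme, $Menu, $Nav, $pageAuthor, $pageKeywords, $pageTitle, $html);` or drop the assignment. The file also uses `$App` and `$Nav` without defining them, so a header comment such as `// Included through $App->getProjectCommon(); expects $App and $Nav from the including page.` would make that dependency explicit.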
diff --git a/index.php b/index.php
index f58eb39..b16434b 100755
--- a/index.php
+++ b/index.php
@@ -1,77 +1,88 @@
 <?php
 /*******************************************************************************
  * Copyright (c) 2011 Eclipse Foundation and others.
- * All rights reserved. This program and the accompanying materials
- * are made available under the terms of the Eclipse Public License v1.0
- * which accompanies this distribution, and is available at
- * http://www.eclipse.org/legal/epl-v10.html
- *
- * Contributors:
- *    Wayne Beaton (Eclipse Foundation)- initial API and implementation
- *******************************************************************************/
+* All rights reserved. This program and the accompanying materials
+* are made available under the terms of the Eclipse Public License v1.0
+* which accompanies this distribution, and is available at
+* http://www.eclipse.org/legal/epl-v10.html
+*
+* Contributors:
+*    Wayne Beaton (Eclipse Foundation)- initial API and implementation
+*******************************************************************************/
 require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/app.class.php");
 require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/nav.class.php");
 require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/menu.class.php");
 $App = new App();
 $Nav = new Nav();
 $Menu = new Menu();
-include($App->getProjectCommon()); 
+include($App->getProjectCommon());
 
 $pageTitle 		= "Eclipse Security";
 $pageAuthor		= "";
 $pageKeywords	= "Eclipse, projects, security";
 
-require_once dirname(__FILE__) . '/../projects/classes/images.inc';
-
-//include( '_commonLeftNav.php' );
-
-function button($title, $text, $url, $image) {
-	echo "<a href=\"$url\"><div class=\"cell\" style=\"background-image:url($image);\"><h3>$title</h3><p>$text</p></div></a>";
-}
-
-$App->AddExtraHtmlHeader("<link type=\"text/css\" rel=\"stylesheet\" href=\"/projects/buttons.css\">");
-
 ob_start();
 ?>
-<div style="display:block;background-image:url(/default/images/backgroundMainEmpty.png);background-repeat:no-repeat">
-	<div style="position:relative;height:193px">
-		<div style="position:absolute;top:0;right:0;width:50%">
-			<?php 
-				button("What's New?", "Find out what's new in the Eclipse Projects.", "whatsnew.php", $images->whats_new_huge);
-				button("All Projects", "See a list of all the projects hosted at Eclipse.", "listofprojects.php", $images->projects_huge);
-				button("Start a new Project", "Words of advice; getting started.", "http://wiki.eclipse.org/Development_Resources/HOWTO/Starting_A_New_Project", $images->new_project_huge);
-				button("Emeritus", "The Committer Hall of Fame.", "committers-emeritus.php", $images->emeritus_huge);
-			?>
-		</div>
-		<div style="position:absolute;top:0;left:1%;right:50%;width:45%">		
-			<h3>Eclipse Projects</h3>
-			<p>Eclipse projects now cover runtimes; static and dynamic languages; thick-client, thin-client, and server-side
-			frameworks; modeling and business reporting; embedded and mobile; and, yes, we still have the best Java IDE.</p>
-			<p>This page is designed to be a gateway into the projects for users, adopters, team members, and the
-			merely curious.</p>
-		</div>
+<div id="maincontent">
+	<div id="midcolumn">
+		<h1><?php echo $pageTitle; ?></h1>
+		<p>
+			<i>ISO 27005 defines vulnerability as: &quot;A weakness of an asset
+				or group of assets that can be exploited by one or more
+				threats.&quot;</i>
+		</p>
+
+		<h2>The Ecipse Security Team</h2>
+		<p>The Eclipse Security Team provides help and advice to Eclipse
+			projects on security issues and is the first point of contact for
+			handling security vulnerabilities. Members of the Security Team are
+			committers on Eclipse projects and members of the Eclipse
+			Architecture Council.</p>
+		<p>
+			Contact the <a href="mailto:security@eclipse.org">Eclipse Security
+				Team</a>.
+		</p>
+
+		<h2>Reporting a Security Vulnerability</h2>
+		<p>Vulnerabilities can be reported either via email to the Eclipse
+			Security Team or directly with a project via Bugzilla.</p>
+		<p>
+			The general security mailing list address is <a
+				href="mailto:security@eclipse.org">security@eclipse.org</a>. Members
+			of the Eclipse Security Team will receive messages sent to this
+			address. This address should be used only for reporting undisclosed
+			Vulnerabilities; regular bug reports and questions unrelated to
+			Vulnerabilities in Eclipse software will be ignored. Note that this
+			email address is not encrypted.
+		</p>
+		<p>
+			The community is also encouraged to report Vulnerabilities using the
+			standard <a href="https://bugs.eclipse.org/bugs">Eclipse Bugzilla</a>
+			instance. Bug reports related to Vulnerabilities must be marked as
+			&quot;committers-only&quot;, either by the reporter, or by a
+			committer during the triage process. Note that bugs marked
+			&quot;committers-only&quot; are visible to all Eclipse committers. By
+			default, a &quot;committers-only&quot; bug is also accessible to the
+			reporter and individuals explicitly indicated in the &quot;cc&quot; list.
+		</p>
+
+		<h2>Disclosure</h2>
+		<p>
+			Disclosure is initially limited to the reporter and all Eclipse
+			Committers, but is expanded to include other individuals, and the
+			general public. The timing and manner of disclosure is governed by
+			the <a href="policy.php">Eclipse Security Policy</a>.
+		</p>
+		<p>
+			Publicly disclosed bugs are listed on the <a href="known.php">Disclosed
+				Vulnerabilities Page</a>.
+		</p>
 	</div>
 </div>
-<div style="clear:both"></div>
-
-
-
-<div>
-	<?php 
-		button("Portal", "Manage your Eclipse Project's information.", "http://portal.eclipse.org", $images->portal_huge);
-		button("Process", "The Eclipse Development Process.", "dev_process/development_process.php", $images->edp_huge);
-		button("Development Resources", "Information and help for committers.", "http://wiki.eclipse.org/Development_Resources", $images->committers_huge);
-		button("Project Tools", "Some handy and helpful tools for projects.", "/projects/tools", $images->tools_huge);
-	?>
-</div>
 
 <?php
-	# Paste your HTML content between the EOHTML markers!
-	$html = ob_get_contents();
-	ob_end_clean();
-//	$App->AddExtraHtmlHeader('<link rel="stylesheet" type="text/css" href="/default/style.css"/>');
-	# Generate the web page
-	$App->PageRSS = "/projects/reviews-rss.php";
-	$App->generatePage('Nova', $Menu, NULL, $pageAuthor, $pageKeywords, $pageTitle, $html);
+$html = ob_get_contents();
+ob_end_clean();
 
+$App->generatePage('Nova', $Menu, $Nav, $pageAuthor, $pageKeywords, $pageTitle, $html);
 ?>
\ No newline at end of file
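Review bot: The reporting section warns that security@eclipse.org "is not encrypted" and then points reporters to Bugzilla, but it omits the caveat that policy_2011.php in this same commit carries, namely that Bugzilla sends out emails as bugs are modified and email is inherently insecure. A reporter who reads only this page could take a "committers-only" bug to be the confidential channel, while notifications about it presumably still go out by mail. Repeating that sentence after the paragraph about the "cc" list would keep the two pages consistent. Separately, the heading `<h2>The Ecipse Security Team</h2>` should read `<h2>The Eclipse Security Team</h2>`.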
diff --git a/known.php b/known.php
new file mode 100755
index 0000000..fd56f75
--- /dev/null
+++ b/known.php
@@ -0,0 +1,38 @@
+<?php
+/*******************************************************************************
+ * Copyright (c) 2011 Eclipse Foundation and others.
+* All rights reserved. This program and the accompanying materials
+* are made available under the terms of the Eclipse Public License v1.0
+* which accompanies this distribution, and is available at
+* http://www.eclipse.org/legal/epl-v10.html
+*
+* Contributors:
+*    Wayne Beaton (Eclipse Foundation)- initial API and implementation
+*******************************************************************************/
+require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/app.class.php");
+require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/nav.class.php");
+require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/menu.class.php");
+$App = new App();
+$Nav = new Nav();
+$Menu = new Menu();
+include($App->getProjectCommon());
+
+$pageTitle 		= "Known Eclipse Security Vulnerabilities";
+$pageAuthor		= "";
+$pageKeywords	= "Eclipse, projects, security";
+
+ob_start();
+?>
+<div id="maincontent">
+	<div id="midcolumn">
+		<h1><?php echo $pageTitle; ?></h1>
+		
+		<p>Known vulnerabilities will be reported here.</p>
+	</div>
+</div>
+<?php
+$html = ob_get_contents();
+ob_end_clean();
+
+$App->generatePage('Nova', $Menu, $Nav, $pageAuthor, $pageKeywords, $pageTitle, $html);
+?>
\ No newline at end of file
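Review bot: This page is a static placeholder, while policy_2011.php in the same commit states that bugs with the committers-only flag removed and the 'security' keyword added "are automatically reported on the security page and RSS feed". Nothing visible here queries Bugzilla, so until that exists a comment such as `// TODO: list Bugzilla bugs carrying the 'security' keyword once the committers-only flag is removed` would record the intent. index.php also links to this page as the "Disclosed Vulnerabilities Page" while the title and the navigation entry say "Known", so one name should be chosen.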
diff --git a/policy.php b/policy.php
new file mode 100755
index 0000000..c1af62b
--- /dev/null
+++ b/policy.php
@@ -0,0 +1,13 @@
+<?php
+/*******************************************************************************
+ * Copyright (c) 2011 Eclipse Foundation and others.
+* All rights reserved. This program and the accompanying materials
+* are made available under the terms of the Eclipse Public License v1.0
+* which accompanies this distribution, and is available at
+* http://www.eclipse.org/legal/epl-v10.html
+*
+* Contributors:
+*    Wayne Beaton (Eclipse Foundation)- initial API and implementation
+*******************************************************************************/
+include 'policy_2011.php';
+?>
\ No newline at end of file
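Review bot: `include 'policy_2011.php';` is a bare relative path, so it is looked up through include_path before the script's own directory, and if the file cannot be found `include` only raises a warning and the policy URL renders an empty page. `require dirname(__FILE__) . '/policy_2011.php';` pins the path to this directory and fails loudly instead. `dirname(__FILE__)` is the form policy_2011.php already uses in this commit.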
diff --git a/policy_2011.php b/policy_2011.php
new file mode 100755
index 0000000..d651ccc
--- /dev/null
+++ b/policy_2011.php
@@ -0,0 +1,200 @@
+<?php
+/*******************************************************************************
+ * Copyright (c) 2011 Eclipse Foundation and others.
+* All rights reserved. This program and the accompanying materials
+* are made available under the terms of the Eclipse Public License v1.0
+* which accompanies this distribution, and is available at
+* http://www.eclipse.org/legal/epl-v10.html
+*
+* Contributors:
+*    Wayne Beaton (Eclipse Foundation)- initial API and implementation
+*******************************************************************************/
+require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/app.class.php");
+require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/nav.class.php");
+require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/menu.class.php");
+$App = new App();
+$Nav = new Nav();
+$Menu = new Menu();
+include($App->getProjectCommon());
+
+$pageTitle 		= "Eclipse Security Policy";
+$pageAuthor		= "";
+$pageKeywords	= "Eclipse, projects, security";
+
+require_once dirname(__FILE__) . '/../projects/classes/images.inc';
+
+ob_start();
+?>
+<div id="maincontent">
+	<div id="midcolumn">
+		<h1><?php echo $pageTitle; ?></h1>
+		<a name="Overview"></a>
+		<h2>Overview</h2>
+		<p>The purpose of the Eclipse Security Policy is to set forth the
+			general principles under which the Eclipse Foundation will manage the
+			reporting, management, discussion, and disclosure of Vulnerabilities
+			discovered in Eclipse software. This Security Policy applies to all
+			software distributed by the Eclipse Foundation, including all
+			software authored by Eclipse Committers and third-parties. This IP
+			Policy should at all times be interpreted in a manner that is
+			consistent with the Purposes of the Eclipse Foundation as set forth
+			in the Eclipse Foundation Bylaws.</p>
+		<p>
+			This document uses terms from the <a
+				href="http://www.eclipse.org/projects/dev_process/development_process.php"
+				class="external text"
+				title="http://www.eclipse.org/projects/dev_process/development_process.php"
+				rel="nofollow">Eclipse Development Process</a>.
+		</p>
+		<a name="Eclipse_Security_Team"></a>
+		<h2>Eclipse Security Team</h2>
+		<p>The Security Team is the first line of defense: it is effectively a
+			triage unit with security expertise. Ultimately, Vulnerabilities are
+			resolved by individual projects with assistance from the Security
+			Team.</p>
+		<p>The Security Team is composed of a small number of security
+			experts. At any point in time, there are no more than seven (7)
+			members, including a minimum of one representative each from the
+			Eclipse and RT Top-Level Projects, and a representative of the
+			EMO(ED). All members are appointed by EMO(ED).</p>
+		<p>Mail sent to the security mail address is sent exclusively to all
+			members of the Security Team. Anybody can send mail to this address.
+		</p>
+		<a name="Reporting"></a>
+		<h2>Reporting</h2>
+		<p>Vulnerabilities can be reported either via email or directly with a
+			project via Bugzilla.</p>
+		<p>The general security mailing list address is security@eclipse.org.
+			Members of the Eclipse Security Team will receive messages sent to
+			this address. This address should be used only for reporting
+			undisclosed Vulnerabilities; regular bug reports and questions
+			unrelated to Vulnerabilities in Eclipse software will be ignored.
+			Note that this email address is not encrypted.</p>
+		<p>The community is encouraged to report Vulnerabilities using the
+			standard Eclipse Bugzilla instance. Bug reports related to
+			Vulnerabilities must be marked as "committers-only", either by the
+			reporter, or by a committer during the triage process.</p>
+		<p>Note that bugs marked "committers-only" are visible to all Eclipse
+			committers. By default, a "committers-only" bug is also accessible to
+			the reporter and individuals explicitly indicated in the "cc" list.
+			These defaults can be overridden to further restrict access at the
+			discretion of the committer and project leadership.</p>
+		<dl>
+			<dd>
+				<i>Note that Bugzilla sends out emails as bugs are modified. Email
+					is inherently insecure.</i>
+			</dd>
+		</dl>
+		<a name="Discussion"></a>
+		<h2>Discussion</h2>
+		<p>Initial discussion of an open Vulnerability may occur privately
+			amongst members of the Security Team. Discussion should be moved to a
+			Bugzilla record in a timely manner.</p>
+		<a name="Resolution"></a>
+		<h2>Resolution</h2>
+		<p>A Vulnerability is considered resolved when either a patch or
+			workaround is available, or it is determined that a fix is not
+			possible or desirable.</p>
+		<p>The Eclipse IP Team will give priority to contribution
+			questionnaires (CQs) required to resolve Vulnerabilities.</p>
+		<p>It is left to the discretion of the Security Team and project
+			leadership to determine what subset of the project committers are
+			best suited to resolve Vulnerabilities. The Security Team and project
+			leaders may also&mdash;at their discretion&mdash;assemble external
+			resources (e.g. subject matter experts) or call on the expertise of
+			the Architecture Council.</p>
+		<a name="Distribution"></a>
+		<h2>Distribution</h2>
+		<p>Once a Vulnerability has been resolved, the updated software must
+			be made available to the community.</p>
+		<p>At a minimum, updated software is made available via normal project
+			distribution channels (e.g. downloads and update sites).</p>
+		<p>The planning council must be made aware of Vulnerabilities in
+			software that is part of the simultaneous release. The Planning
+			Council will determine whether or not a "respin" of the simultaneous
+			release repository and EPP packages is required. The Planning Council
+			will coordinate the timing of the "respin" with the Project
+			Leadership.</p>
+		<a name="Disclosure"></a>
+		<h2>Disclosure</h2>
+		<p>Disclosure is initially limited to the reporter and all Eclipse
+			Committers, but can be expanded to include other individuals.</p>
+		<p>All Vulnerabilities must be disclosed, regardless of the
+			resolution. Users and administrators of Eclipse software must made
+			aware that a vulnerability exists so they can assess risk, and take
+			the appropriate action to protect their users, servers and systems
+			from potential exploit.</p>
+		<a name="Timing"></a>
+		<h3>Timing</h3>
+		<p>The timing of disclosure is left to the discretion of the project
+			leadership, including the Project Lead(s), PMC, and EMO(ED). In the
+			absence of specific guidance from the project leadership, the
+			following guidelines are recommended:</p>
+		<ul>
+			<li>Vulnerabilities for which there is a patch, workaround or fix,
+				should be disclosed to the community immediately.</li>
+			<li>vulnerabilities--regardless of state--must be disclosed to the
+				community after a maximum three months.</li>
+		</ul>
+		<p>Vulnerabilities need not necessarily be resolved at the time of
+			disclosure.</p>
+		<a name="Quiet_Disclosure"></a>
+		<h3>Quiet Disclosure</h3>
+		<p>
+			A Vulnerability can be <i>quietly</i> disclosed by simply removing
+			the 'committers_only' flag. The bug's history will record that the
+			flag has been removed, and the bug will become visible for everyone
+			in searches.
+		</p>
+		<p>In general, quiet disclosure is appropriate only for bugs that are
+			identified by a committer as having been erroneously marked as
+			Vulnerabilities.</p>
+		<a name="Progressive_Disclosure"></a>
+		<h3>Progressive Disclosure</h3>
+		<p>Knowledge of a Vulnerability can be easily extended to individuals
+			by adding them to the "cc" list on the bug. A Vulnerability may--at
+			the discretion of the committer--be disclosed to specific
+			individuals. A committer may, for example, provide access to a
+			subject-matter expert to solicit help or advice. The Vulnerability
+			may also be disclosed to known adopters to allow them an opportunity
+			to mitigate their immediate risk and prepare for a forthcoming
+			resolution.</p>
+		<p>Contacts added to an unresolved Vulnerability must be individuals.
+			Groups (e.g. mailing lists)--with the exception of
+			security@eclipse.org--should never be copied on a Vulnerability bug.
+		</p>
+		<a name="Full_Disclosure"></a>
+		<h3>Full Disclosure</h3>
+		<p>All Vulnerabilities must ultimately be fully disclosed to the
+			community at large.</p>
+		<p>
+			All Vulnerabilities affecting projects that participate in the
+			Simultaneous Release must be reported to the Planning Council prior
+			to full disclosure to the community at large. Disclosure of a
+			Vulnerability must be coordinated with the distribution of the
+			updated software from the Project's own distribution channels, the
+			Simultaneous Release repository, and EPP packages (please see <a
+				href="#Distribution" title="">Distribution</a>.
+		</p>
+		<p>To complete the disclosure of a Vulnerability, the committers-only
+			flag must be removed from the bug and the 'security' keyword added.
+			Bugs in this state are automatically reported on the security page
+			and RSS feed.</p>
+		<a name="Escalation"></a>
+		<h3>Escalation</h3>
+		<p>
+			A security vulnerability may--at the discretion of the project
+			leadership--be escalated to a outside body such as <a
+				href="http://www.cert.org" class="external text"
+				title="http://www.cert.org" rel="nofollow">CERT</a>. The EMO can
+			provide assistance.
+		</p>
+	</div>
+</div>
+
+<?php
+	$html = ob_get_contents();
+	ob_end_clean();
+	
+	$App->generatePage('Nova', $Menu, $Nav, $pageAuthor, $pageKeywords, $pageTitle, $html);
+?>
\ No newline at end of file
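Review bot: The line `require_once dirname(__FILE__) . '/../projects/classes/images.inc';` looks like a leftover from the old index.php: nothing in this page reads `$images`, yet the require makes the policy page fail with a fatal error if that sibling directory is missing or moved. Drop the line unless something outside this hunk needs it. In the page text, the Overview says `This IP Policy should at all times be interpreted` where `This Security Policy` is presumably meant. Also, "must made aware" is missing "be", and the parenthesis opened at "(please see" before the Distribution link is never closed.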