Security group issues compromise plan for vulnerability reporting