diff --git a/docs/security/overview.md b/docs/security/overview.md index a3920b2..fef2b85 100644 --- a/docs/security/overview.md +++ b/docs/security/overview.md 
@@ -29,17 +29,27 @@ At Progress, we work diligently to identify and fix security vulnerabilities in We value the contributions of security researchers and ethical hackers. If a researcher identifies a potential vulnerability, they can submit it via our [Bugcrowd](https://bugcrowd.com/engagements/devtools-vdp) platform. We aim to meet the following response times: -| Type of Response | SLO (in business days) | -|------------------|------------------------| -| First Response | 7 days | -| Time to Triage | 10 days | -| Time to Resolution| Depends on severity | +| Type of Response | SLO (in business days) | +| ------------------ | ------------------------------------------------------------ | +| First Response | 7 days | +| Time to Triage | 10 days | +| Time to Resolution | [Depends on severity](#vulnerability-remediation-guidelines) | For more information, visit: - [Bugcrowd Vulnerability Disclosure Program](https://bugcrowd.com/engagements/devtools-vdp) - [Progress Trust Center](https://www.progress.com/trust-center) - [Vulnerability Reporting Policy](https://www.progress.com/trust-center/vulnerability-reporting-policy) +## Vulnerability Remediation Guidelines + +Progress follows defined timelines for remediating vulnerabilities based on their severity levels, ensuring a structured and efficient approach to maintaining security across all products. These guidelines are aligned with CVSS (Common Vulnerability Scoring System) scoring: + +- **Critical scored issues (CVSS 9.0+):** Resolved within **30 days**. +- **High scored issues (CVSS 7.0–8.9):** Resolved within **60 days**. +- **Medium or lower scored issues (CVSS < 7):** Resolved within **90–120 days**, depending on the score. + +While these are not strict SLA (Service Level Agreement), they serve as a commitment to providing timely resolutions for identified vulnerabilities. 
+ ## What We Do to Mitigate Risk Our dedicated security team, comprised of experienced developers and security experts—our "Security Champions"—reviews all web, desktop, and mobile products technologies for potential vulnerabilities. These vulnerabilities may be internally identified, reported by third-party tools, or flagged externally.
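Review bot: The timelines in the new "Vulnerability Remediation Guidelines" bullets ("Resolved within **30 days**", "**60 days**", "**90–120 days**") never say whether they are business or calendar days, while the SLO table just above them is headed "SLO (in business days)"; a reader following the new "[Depends on severity]" link will assume the same unit, so each bullet (or the sentence introducing them) should state it. The bands "CVSS 9.0+", "CVSS 7.0–8.9" and "CVSS < 7" should also name the CVSS version they are measured against (e.g. v3.1 or v4.0), because a base score for the same issue can land in a different band depending on the version used. The last bullet, "Resolved within **90–120 days**, depending on the score", would be more useful if it said which score range gets 90 and which gets 120 (for example Medium vs. Low), since "depending on the score" is the part a reporter will want to hold Progress to. Minor wording: "aligned with CVSS (Common Vulnerability Scoring System) scoring" repeats "scoring", and "these are not strict SLA (Service Level Agreement)" should read "these are not strict SLAs (Service Level Agreements)".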