Along the lines of Security vulnerability issues and RE: Zephyr SBOM Generator Fail (sort of), Where/how does Nordic notify about critical vulnerabilities found in silicon or SDK (Noridc code) stacks? I need to keep track of any that happen for CRA documentation.
