This could be solved by renaming the new type “Vulnerability”: it’s a bug that concerns security. For me this type should be only about that. We should still use the label security when an improvment is about improving security or when a new feature is about security (e.g. 2 FA)
If we do this only for intigriti I agree it doesn’t worth keeping it. Now I do like the idea of ease life of external reports to create tickets related to a security vulnerability and to ensure they don’t forget to set the confidentiality level.
Also I believe it will ease our life to keep track of them as the filters will be easier to maintain. And finally I also think we could on the long term have maybe some better creation template for this specific type to help setting right away important information. But that could be done later.
So all in all I’d be in favor of keeping the new type and moving our existing issues to this type.