diff --git a/docs/src/security-responses/log4shell.rst b/docs/src/security-responses/2021-12-15_log4shell.rst similarity index 100% rename from docs/src/security-responses/log4shell.rst rename to docs/src/security-responses/2021-12-15_log4shell.rst diff --git a/docs/src/security-responses/cve-2021-44521.md b/docs/src/security-responses/2022-02-21_cve-2021-44521.md similarity index 100% rename from docs/src/security-responses/cve-2021-44521.md rename to docs/src/security-responses/2022-02-21_cve-2021-44521.md diff --git a/docs/src/security-responses/2022-05_website_outage.md b/docs/src/security-responses/2022-05-23_website_outage.md similarity index 100% rename from docs/src/security-responses/2022-05_website_outage.md rename to docs/src/security-responses/2022-05-23_website_outage.md diff --git a/docs/src/security-responses/2022-11-01_openssl.md b/docs/src/security-responses/2022-11-01_openssl.md new file mode 100644 index 0000000000..b20fef1366 --- /dev/null +++ b/docs/src/security-responses/2022-11-01_openssl.md 
@@ -0,0 +1,27 @@ +# 2022-11-01 - High Severity Vulnerability in OpenSSL + +Last updated: 2022-11-01 + +## Introduction +OpenSSL in versions after 3 and before 3.0.7 are potentially vulnerable against CVE-2022-3786 and CVE-2022-3602. + +In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. +Wire applications perform such requests to TLS servers and Wire-Servers may also accept connections authenticated by client certificates. + +## Are Wire installations affected? + +**Wire/wire-server (<= 2022-10-04) is not affected by this vulnerability.** Neither Wire-server on the cloud (on wire.com) nor on-premise installations are affected. + +Only OpenSSL prior to version 3 is affected, all wire-server components use OpenSSL 1.1.1. + +## Are Wire clients affected? + +**Wire clients are not affected by this vulnerability.** + +Wire clients for **Android** (<= 3.82.38) and **iOS** (<= 3.106) and don’t use OpenSSL. These Wire clients use only libsodium for cryptographic operations. + +The Wire **Webapp** (<= 2022.10.12.08.31) and **Desktop** (<= 3.29) clients make use of OpenSSL 1.1.1 but not OpenSSL 3. + +## Further information +* CVE-2022-3602 was initialy rated *critical* and then downgaded to *high* +* Additional details can be found in the [Security Advisory of OpenSSL](https://www.openssl.org/news/secadv/20221101.txt) diff --git a/docs/src/security-responses/index.rst b/docs/src/security-responses/index.rst index 936817d96d..1c1e3077c0 100644 --- a/docs/src/security-responses/index.rst +++ b/docs/src/security-responses/index.rst @@ -11,5 +11,6 @@ Security responses .. toctree:: :maxdepth: 1 :glob: + :reversed: *
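Review bot: The sentence "Only OpenSSL prior to version 3 is affected, all wire-server components use OpenSSL 1.1.1." in the new 2022-11-01_openssl.md contradicts the introduction two paragraphs above, which correctly states that versions after 3 and before 3.0.7 are the affected ones; as written it says the unaffected branch is the affected one. Suggest "Only OpenSSL 3.0.0 through 3.0.6 is affected; all wire-server components use OpenSSL 1.1.1." Same file, smaller points: the clients paragraph has a stray "and" in "(<= 3.106) and don't use OpenSSL", and the "Further information" bullet has two typos ("initialy", "downgaded" should be "initially", "downgraded").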
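Review bot: The `:reversed:` toctree option in index.rst only yields newest-first ordering because every file in the directory now carries a full `YYYY-MM-DD_` prefix, which is what the three renames in this patch establish; that convention should be written down (a comment in index.rst or a note in the docs contributing guide) so the next response added here keeps it, otherwise an unprefixed or partially dated filename sorts out of place. The renames themselves change the page URLs of the Log4Shell, CVE-2021-44521 and website-outage responses, so any existing `:doc:` references or external links to the old paths should be checked before merging.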