feat: better guide for security reports

WeblateOrg · Jan 6, 2025 · 8779b67 · 8779b67
1 parent 2928212
commit 8779b67
Showing 1 changed file with 13 additions and 4 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -12,9 +12,18 @@ The Weblate team takes security and related transparency very seriously.
 We welcome any peer review of our 100% open-source code to ensure nobody's Weblate
 is ever compromised or hacked.
 
-Information about practices for reporting and fixing security issues is described
-in [our documentation][1] and on [our page at HackerOne][2]. This ensures all
-vulnerabilities are solved securely, quickly, and transparently.
+If you think you have identified a security issue with a Weblate project, **do
+not open a public issue**.
+
+To responsibly report a security issue, please navigate to the Security tab for
+the repo and click “Report a vulnerability.”
+
+Be sure to include as much detail as necessary in your report. As with
+reporting normal issues, a minimal reproducible example will help the
+maintainers address the issue faster.
+
+More information about practices for reporting and fixing security issues is
+described in [our documentation][1]. This ensures all vulnerabilities are
+solved securely, quickly, and transparently.
 
 [1]: https://docs.weblate.org/en/latest/contributing/issues.html#security
-[2]: https://hackerone.com/weblate