Update security guidelines to point to new reporting page (SkriptLang…

…#5469)
skUnity · Feb 21, 2023 · 2abab67 · 2abab67
1 parent 695a94e
commit 2abab67
Showing 1 changed file with 4 additions and 7 deletions.
diff --git a/security.md b/security.md
@@ -3,15 +3,12 @@ See also [code conventions](code-conventions.md); there are a few guidelines
 about security of added code there.
 
 ## Reporting security issues
-Security issues may be reported to core team members privately e.g. on Discord.
-Note that this applies *only* to security issues; everything else should still
-be posted to issue tracker.
+Security issues may be reported via the GitHub private vulnerability reporting feature [here](https://github.com/SkriptLang/Skript/security/advisories/new).
+Note that this applies *only* to security issues; everything else should still be posted to issue tracker.
 
-Publicly posting security issues is also allowed, because not everyone has or
-wants a Discord account. We may add other channels for private reports in
-future.
+Please avoid publicly posting or discussing security issues that don't have a fix available yet.
 
 ## Team guidelines
 Everyone with push access must use two-factor authentication for their Github
 accounts. Should their account still be compromised, other team members should
-be immediately notified via Discord.
+be immediately notified via Discord.