docs: improve security policies (#71)

gofrs · Jun 28, 2024 · 7e2658a · 7e2658a
1 parent 7fc77a2
commit 7e2658a
Showing 1 changed file with 10 additions and 11 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -2,21 +2,20 @@
 
 ## Supported Versions
 
-We support the latest version of this library. We do not guarantee support of previous versions. If a defect is reported, it will generally be fixed on the latest version 
-(provided it exists) irrespective of whether it was introduced in a prior version.
+We support the latest version of this library.
+We do not guarantee support of previous versions.
 
-## Reporting a Vulnerability
+If a defect is reported, it will generally be fixed on the latest version (provided it exists) irrespective of whether it was introduced in a prior version.
 
-If you discover a vulnerability against this package, please report it in the issues tab with a `vulnerability` label. We will examine promptly.
+## Reporting a Vulnerability
 
-If you would like to disclose the vulnerability privately, you may reach the maintainers in our [channel](https://gophers.slack.com/archives/CBP4N9BEU) on the gophers slack.
+To report a potential security vulnerability, please create a [security advisory](https://github.com/gofrs/flock/security/advisories/new).
 
-## Security Scorecard
+For us to respond to your report most effectively, please include any of the following:
 
-This project submits security [results](https://scorecard.dev/viewer/?uri=github.com/gofrs/flock) to the [OpenSSF Scorecard](https://securityscorecards.dev/). 
+- Steps to reproduce or a proof-of-concept
+- Any relevant information, including the versions used
 
-### Actively Maintained
+## Security Scorecard
 
-One heuristic these scorecards measure to gauge whether a package is safe for consumption is an "Actively Maintained" metric. Because this library implements UUIDs,
-it is very stable - there is not much maintenance required other than adding/updating newer UUID versions, keeping up to date with latest versions of Go, and responding
-to reported exploits. As a result, periods of low active maintenance are to be expected. 
+This project submits security [results](https://scorecard.dev/viewer/?uri=github.com/gofrs/flock) to the [OpenSSF Scorecard](https://securityscorecards.dev/).