From 674791a179ff02f69ed8ba3cb36effc9120d8226 Mon Sep 17 00:00:00 2001 From: Jacob Weisz Date: Fri, 13 Aug 2021 15:24:56 -0500 Subject: [PATCH] SECURITY.md: Clarify language of disclosure --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 638034762..3fe384227 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -6,4 +6,4 @@ Sandstorm operates on an evergreen release model. Only the latest release is con ## Reporting a Vulnerability -Please report security vulnerabilities to security@sandstorm.io for responsible disclosure. We ask that you hold disclosure for at least 90 days from disclosure or 48 hours from patch release, whichever is shorter. +Please report security vulnerabilities to security@sandstorm.io for responsible disclosure. We ask that you withhold public disclosure for at least 90 days after reporting the vulnerability or 48 hours after the release of fixed code which corrects the issue, whichever is shorter.