From 5d843699e21c056083e7a5c71016752dcb824a4b Mon Sep 17 00:00:00 2001 From: Aaron Crawfis Date: Wed, 28 Apr 2021 14:44:41 -0700 Subject: [PATCH] Simplify options --- .../en/operations/support/support-security-issues.md | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/daprdocs/content/en/operations/support/support-security-issues.md b/daprdocs/content/en/operations/support/support-security-issues.md index e8571d114..f11b1e756 100644 --- a/daprdocs/content/en/operations/support/support-security-issues.md +++ b/daprdocs/content/en/operations/support/support-security-issues.md @@ -10,10 +10,6 @@ The Dapr organization and team makes security a central focus of how we operate ## Reporting security issues -To report a security issue there are two options: -1. Disclose privately to the [Dapr Maintainers (dapr@dapr.io)](mailto:dapr@dapr.io?subject=[Security%20Disclosure]:%20ISSUE%20TITLE) - - Use this option if you find an issue in Dapr that needs to be patched ASAP. - - The Dapr maintainers will triage, patch, and send an annoucement within 30 days. -1. Report publicly via [GitHub issue](https://github.com/dapr/dapr/issues/new/choose) - - Use this option if there is a Dapr dependency or software package that needs to be patched or investigated (*eg. CodeCov disclosed a breach of their GitHub Action in April 2021). - - The Dapr maintainers will triage, resolve, and update the GitHub issue ASAP. Announcements will be made on a case-by-case basis. \ No newline at end of file +To report a security issue, please privately email the [Dapr Maintainers (dapr@dapr.io)](mailto:dapr@dapr.io?subject=[Security%20Disclosure]:%20ISSUE%20TITLE) + +The Dapr maintainers will triage and respond ASAP and then patch and send an annoucement within 30 days.