doc: simplify security reporting text

Edit security-reporting text in the README to keep it concise and straightforward. The removed text may discourage reporting. Nothing like it appears in similar security-reporting text that I have reviewed. See, for example, the Linux kernel docs on security reporting: https://www.kernel.org/doc/html/v4.11/admin-guide/security-bugs.html PR-URL: https://github.com/nodejs/node/pull/23686 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
2018-10-15 22:25:28 -07:00 · 2018-10-15 22:25:28 -07:00 · d22ec11e4d
commit d22ec11e4d
parent 72a48a2a0a
1 changed files with 4 additions and 9 deletions
--- a/README.md
+++ b/README.md
@ -166,15 +166,10 @@ team has addressed the vulnerability.
 The security team will acknowledge your email within 24 hours. You will receive
 a more detailed response within 48 hours.

-There are no hard and fast rules to determine if a bug is worth reporting as
-a security issue. The general rule is an issue worth reporting should allow an
-attacker to compromise the confidentiality, integrity, or availability of the
-Node.js application or its system for which the attacker does not already have
-the capability.
-
-To illustrate the point, here are some examples of past issues and what the
-Security Response Team thinks of them. When in doubt, however, please do send
-us a report nonetheless.
+There are no hard and fast rules to determine if a bug is worth reporting as a
+security issue. Here are some examples of past issues and what the Security
+Response Team thinks of them. When in doubt, please do send us a report
+nonetheless.


 ### Public disclosure preferred