Improve "security reports" section in contribution docs.

Signed-off-by: Solomon Hykes <solomon@docker.com>
2014-11-09 15:16:19 +00:00 · 2014-11-09 15:16:19 +00:00 · 543127e211
parent d32d9300ed
commit 543127e211
1 changed files with 12 additions and 4 deletions
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -6,17 +6,25 @@ feels wrong or incomplete.

 ## Topics

-* [Security Reports](#security-reports)
+* [Reporting Security Issues](#reporting-security-issues)
 * [Design and Cleanup Proposals](#design-and-cleanup-proposals)
 * [Reporting Issues](#reporting-issues)
 * [Build Environment](#build-environment)
 * [Contribution Guidelines](#contribution-guidelines)
 * [Community Guidelines](#docker-community-guidelines)

-## Security Reports
+## Reporting Security Issues

-Please **DO NOT** file an issue for security related issues. Please send your
-reports to [security@docker.com](mailto:security@docker.com) instead.
+The Docker maintainers take security very seriously. If you discover a security issue,
+please bring it to their attention right away!
+
+Please send your report privately to [security@docker.com](mailto:security@docker.com),
+please **DO NOT** file a public issue.
+
+Security reports are greatly appreciated and we will publicly thank you for it. We also
+like to send gifts - if you're into Docker shwag make sure to let us know :)
+We currently do not offer a paid security bounty program, but are not ruling it out in
+the future.

 ## Design and Cleanup Proposals