Update SECURITY.md

A review of this document following a query re disclosure. Filled out the content and specifically called out our happiness to acknowledged those who responsibly disclose.
bcix · Nov 22, 2022 · 6e543b1 · 6e543b1
1 parent 5401c6a
commit 6e543b1
Showing 1 changed file with 14 additions and 5 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -1,5 +1,19 @@
 # Security Policy
 
+## Reporting a Vulnerability
+
+Thank you in advance for looking to responsibly report security issues. 
+
+Please contact us by email on [[email protected]]([email protected]) to report security issues or discuss security concerns. All security vulnerabilities will be promptly addressed.
+
+
+### Confidentiality and Acknowledgements
+
+We understand that some organisations do not wish to disclose their use of specific software for security reasons. If you do not wish to be named or achnowledged in the release notes where the security issue is addressed, please just state that and we will ensure your anonymity. 
+
+Likewise, we are delighted to achowledge and thank anyone who responsibly reports security issues to us. We usually do this in the release notes and related announcements. Please do let us know the appropriate attribution when you contact us so we can get it right!
+
+
 ## Supported Versions
 
 
@@ -10,8 +24,3 @@
 | 4.x.y   | :x:                |
 | < 4.0   | :x:                |
 
-## Reporting a Vulnerability
-
-Thank you in advance for looking to responsibly report security issues. 
-
-Please contact us by email on [[email protected]]([email protected]) to report security issues or discuss security concerns.