From 1945771f37ae213176fb5e6ab21223f237d99c6a Mon Sep 17 00:00:00 2001 From: Zeke Sikelianos Date: Mon, 30 Jan 2017 10:49:17 -0800 Subject: [PATCH 1/2] Add SECURITY.md --- SECURITY.md | 9 +++++++++ docs/tutorial/security.md | 5 +++++ 2 files changed, 14 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000000..ff2f101842 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,9 @@ +# Reporting Security Issues + +The Electron team and community take security bugs in Electron seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions. + +To report a security issue, email [electron@github.com](mailto:electron@github.com) and include the word "SECURITY" in the subject line. + +The Electron team will send a response indicating the next steps in handling your report. After the initial reply to your report, the security team will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance. + +Report security bugs in third-party modules to the person or team maintaining the module. You can also report a vulnerability through the [Node Security Project](https://nodesecurity.io/report). diff --git a/docs/tutorial/security.md b/docs/tutorial/security.md index 6962f79256..356ebf68f5 100644 --- a/docs/tutorial/security.md +++ b/docs/tutorial/security.md 
@@ -20,6 +20,11 @@ display primarily local content (or trusted, secure remote content without Node integration) – if your application executes code from an online source, it is your responsibility to ensure that the code is not malicious. +## Disclosing Security Vulnerabilities + +For information on how to properly disclose an Electron vulnerability, +see [SECURITY.md](https://github.com/electron/electron/tree/master/SECURITY.md) + ## Chromium Security Issues and Upgrades While Electron strives to support new versions of Chromium as soon as possible, From f0882a505820e4ae774e5f5f654a5c16cdf14ae0 Mon Sep 17 00:00:00 2001 From: Zeke Sikelianos Date: Mon, 30 Jan 2017 10:57:53 -0800 Subject: [PATCH 2/2] use consistent headings --- docs/tutorial/security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/tutorial/security.md b/docs/tutorial/security.md index 356ebf68f5..47fe218f55 100644 --- a/docs/tutorial/security.md +++ b/docs/tutorial/security.md @@ -20,7 +20,7 @@ display primarily local content (or trusted, secure remote content without Node integration) – if your application executes code from an online source, it is your responsibility to ensure that the code is not malicious. -## Disclosing Security Vulnerabilities +## Reporting Security Issues For information on how to properly disclose an Electron vulnerability, see [SECURITY.md](https://github.com/electron/electron/tree/master/SECURITY.md)
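Review bot: in the new SECURITY.md (patch 1/2), the reporting paragraph tells people to e-mail electron@github.com but never asks them to keep the report out of the public issue tracker, and the next paragraph promises "a response indicating the next steps" with no indication of how soon. Consider adding one sentence asking reporters not to file a public issue for a suspected vulnerability, and stating the acknowledgement window the team is willing to commit to, so a reporter can tell a slow reply from a lost one.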
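Review bot: in the docs/tutorial/security.md hunk of patch 1/2, the added link points at `https://github.com/electron/electron/tree/master/SECURITY.md`, but `tree/` is the path GitHub uses for directories and `blob/` the one for files, so the link depends on a redirect; suggest `blob/master/SECURITY.md`. The added sentence ("see [SECURITY.md](...)") also ends without a full stop.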
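Review bot: in patch 2/2, the heading becomes "Reporting Security Issues" but the unchanged sentence directly under it still reads "how to properly disclose an Electron vulnerability", so the section mixes "report/issue" with "disclose/vulnerability". Suggest rewording that sentence to match the heading and SECURITY.md, for example "For information on how to report a security issue in Electron, see ...". Since this commit only renames a heading introduced in 1/2, it could also be squashed into that patch.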