git.ipfire.org Git - thirdparty/vim.git/commitdiff
SECURITY.md: clarify the use of AI
author Christian Brabandt <cb@256bit.org>
Wed, 1 Apr 2026 10:33:42 +0000 (10:33 +0000)
committer Christian Brabandt <cb@256bit.org>
Wed, 1 Apr 2026 10:33:42 +0000 (10:33 +0000)
Signed-off-by: Christian Brabandt <cb@256bit.org>
SECURITY.md

index 7d1e0166c9c19379b3dfcfbe79a7628aa68e2cd2..9d1ecf35abca59b4562707f40f01568ee0535827 100644 (file)
@@ -2,9 +2,16 @@
 
 ## Reporting a vulnerability
 
-If you want to report a security issue, please privately disclose the issue to the vim-security mailing list
-vim-security@googlegroups.com
-
-This is a private list, read only by the maintainers, but anybody can post, after moderation.
+If you want to report a security issue, please privately disclose the issue either via:
+- The vim-security mailing list: vim-security@googlegroups.com  
+  This is a private list, read only by the maintainers, but anybody can post.
+- [GitHub Security Advisories](https://github.com/vim/vim/security/advisories/new)
 
 **Please don't publicly disclose the issue until it has been addressed by us.**
+
+## Guidelines for reporting
+- Clearly explain **why** the behaviour is a security issue, not just that a bug exists.
+- Keep reports concise and focused.
+- Do not flood us with a list of issues. Report them one by one to ensure to not overwhelm us with the work load.
+- Do **not** submit AI-generated reports without carefully reviewing them first. Low-quality or
+  speculative reports waste maintainer time and will be closed without action, and repeat offenders **will be banned**.
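
Review bot: The third guideline bullet, "Report them one by one to ensure to not overwhelm us with the work load", reads awkwardly; suggest "Report them one by one so that we are not overwhelmed by the workload." The rewritten mailing-list bullet also drops "after moderation" from the old text. If posts are still held for moderation, keep that wording so reporters do not assume a message was lost. If moderation was removed, say so in the commit message, which currently mentions only the AI clarification while the hunk also adds GitHub Security Advisories as a second reporting channel. A blank line between the "## Guidelines for reporting" heading and its list would match the "## Reporting a vulnerability" heading above it.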