From ed9efc2fb0d13eb2aef245a6912e2363ffc3e31d Mon Sep 17 00:00:00 2001 From: Marina Moore Date: Fri, 11 Nov 2022 11:54:32 -0500 Subject: [PATCH 1/2] use Github's vulnerability reporting Signed-off-by: Marina Moore --- docs/SECURITY.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/SECURITY.md b/docs/SECURITY.md index 8b5859c8..3a9d55b9 100644 --- a/docs/SECURITY.md +++ b/docs/SECURITY.md @@ -8,7 +8,8 @@ You may report issues for the most recent version of go-tuf. We will not retroac ## Reporting a Vulnerability -If you discover a potential security issue in this project we ask that you notify the go-tuf maintainers via our [vulnerability reporting form](https://forms.gle/ShM4s3mLbUAx5QHo8). At the minimum, the report must contain the following: +If you discover a potential security issue in this project we ask that you notify the go-tuf maintainers via [Github's private reporting feature](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability). At the minimum, the report must contain the following: + * A description of the issue. * A specific version or commit SHA of `go-tuf` where the issue reproduces. * Instructions to reproduce the issue. From e1770add05a79944e05dfaba7f5410854e47a617 Mon Sep 17 00:00:00 2001 From: Marina Moore Date: Tue, 15 Nov 2022 11:58:49 -0500 Subject: [PATCH 2/2] Update docs/SECURITY.md Co-authored-by: Joshua Lock Signed-off-by: Marina Moore --- docs/SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/SECURITY.md b/docs/SECURITY.md index 3a9d55b9..eb26fed7 100644 --- a/docs/SECURITY.md +++ b/docs/SECURITY.md 
@@ -8,7 +8,7 @@ You may report issues for the most recent version of go-tuf. We will not retroac ## Reporting a Vulnerability -If you discover a potential security issue in this project we ask that you notify the go-tuf maintainers via [Github's private reporting feature](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability). At the minimum, the report must contain the following: +If you discover a potential security issue in this project we ask that you notify the go-tuf maintainers via [Github's private reporting feature](https://github.com/theupdateframework/go-tuf/security/advisories/new) (requires being signed in to GitHub). At the minimum, the report must contain the following: * A description of the issue. * A specific version or commit SHA of `go-tuf` where the issue reproduces.
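Review bot: In the first hunk (patch 1/2, the `-`/`+` pair replacing the Google Forms link), the new link text reads "Github's private reporting feature" but points at GitHub's generic documentation page rather than at this repository's own advisory form, so a reporter still has to locate the correct repository and navigate to its Security tab on their own; either link straight to the repository's advisory page or add a second sentence naming the path (repository Security tab, "Report a vulnerability"). Two smaller points on the same hunk: the product name is spelled "GitHub" (capital H), and since the old `forms.gle` link is being dropped entirely, the maintainers should close or redirect that form so reports submitted to a cached copy of this page are not silently lost.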
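Review bot: In the second hunk (patch 2/2), the `+` line now points at `https://github.com/theupdateframework/go-tuf/security/advisories/new` with the caveat "(requires being signed in to GitHub)", but that URL only serves the reporting form to non-maintainers when private vulnerability reporting has been enabled for the repository in its code-security settings; please confirm that switch is on before merging, otherwise outside reporters will land on an error page and, with the Google Form link already removed in patch 1/2, have no working channel at all. The parenthetical also deserves one more sentence offering a fallback (for example a maintainer e-mail address) for reporters who do not have or do not want a GitHub account, and "Github" should be spelled "GitHub" as in the rest of the sentence.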