Update security policy

N2D4 · N2D4 · commit f1eaf4c2ccff · 2024-08-10T09:45:48.000-07:00
diff --git a/.github/SECURITY.md b/.github/SECURITY.md
@@ -4,14 +4,12 @@
 
 Only the latest versions of Stack's server and client packages are supported. We do not provide security updates for older versions.
 
-## Reporting a Vulnerability
+If you would like to get security consulting regarding older versions of on-prem or self-hosted deployments of Stack, please [contact us](mailto:team@stack-auth.com).
 
-Stack Auth practices [responsible disclosure](https://en.wikipedia.org/wiki/Coordinated_vulnerability_disclosure).
+## Reporting a Vulnerability
 
-Please disclose security vulnerabilities responsibly by emailing us at responsible-disclosure@stack-auth.com. In this case:
+Stack Auth practices [responsible disclosure](https://en.wikipedia.org/wiki/Coordinated_vulnerability_disclosure). This helps us protect our users, but requires your cooperation.
 
-- We will get back to you within 96 hours.
-- We will aim to get a fix released within 30 days, and disclose the issue, crediting you.
-- If we are unable to fix the issue within 90 days, we will disclose the issue publicly.
+Please disclose security vulnerabilities responsibly by emailing us at security@stack-auth.com. In this case, we will get back to you within 96 hours, and aim to get a fix released as soon as possible. We will disclose the issue publicly after at most 90 days.
 
-Please do not create GitHub issues with security vulnerabilities; instead, email us directly at the address above.
+Hence, we ask you not to publicize issues until the 90 days deadline is over. Also, please do not create GitHub issues with security vulnerabilities; instead, email us directly at the address above.
