Direct security bugs to the security policy.

author: Brian Anderson <andersrb@gmail.com> 2015-11-06 14:05:19 -0800
committer: Brian Anderson <banderson@mozilla.com> 2015-11-06 21:56:40 -0800
commit: 0d0cb3bb6249c32a048f3cae93953db5a0551bd0 (patch)
tree: b3c8c26d0e4247d1238f2ba0cd897a1dbf6db4f2 /CONTRIBUTING.md
parent: b14dc5bc1c4a9a652364235822505d28ec25950a (diff)
download: rust-0d0cb3bb6249c32a048f3cae93953db5a0551bd0.tar.gz
rust-0d0cb3bb6249c32a048f3cae93953db5a0551bd0.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 515e6e18f70..a11e9a7d680 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -34,6 +34,9 @@ While bugs are unfortunate, they're a reality in software. We can't fix what we
 don't know about, so please report liberally. If you're not sure if something
 is a bug or not, feel free to file a bug anyway.
 
+**If you believe reporting your bug publicly represents a security risk to Rust users,
+please follow our [instructions for reporting security vulnerabilities](https://www.rust-lang.org/security.html)**.
+
 If you have the chance, before reporting a bug, please [search existing
 issues](https://github.com/rust-lang/rust/search?q=&type=Issues&utf8=%E2%9C%93),
 as it's possible that someone else has already reported your error. This doesn't
author	Brian Anderson <andersrb@gmail.com>	2015-11-06 14:05:19 -0800
committer	Brian Anderson <banderson@mozilla.com>	2015-11-06 21:56:40 -0800
commit	0d0cb3bb6249c32a048f3cae93953db5a0551bd0 (patch)
tree	b3c8c26d0e4247d1238f2ba0cd897a1dbf6db4f2 /CONTRIBUTING.md
parent	b14dc5bc1c4a9a652364235822505d28ec25950a (diff)
download	rust-0d0cb3bb6249c32a048f3cae93953db5a0551bd0.tar.gz rust-0d0cb3bb6249c32a048f3cae93953db5a0551bd0.zip