From 9803b13a72f6ab06f0986d816c1974f61d74c782 Mon Sep 17 00:00:00 2001 From: Joyce Date: Fri, 17 Mar 2023 14:00:17 -0300 Subject: [PATCH 1/3] Create SECURITY.md --- SECURITY.md | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..c4af73e7 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,11 @@ +# Reporting Security Issues + +To report a security issue, please email +[example@email.com](mailto:example@email.com) +with a description of the issue, the steps you took to create the issue, +affected versions, and, if known, mitigations for the issue. + +We will respond within 7 working days of your +email. If the issue is confirmed as a vulnerability, we will open a +Security Advisory and acknowledge your contributions as part of it. This project +follows a 90 day disclosure timeline. From 4c3fee222ff248c3bf802bb11c8df54d57a3fc9b Mon Sep 17 00:00:00 2001 From: Joyce Date: Fri, 17 Mar 2023 14:25:24 -0300 Subject: [PATCH 2/3] Update SECURITY.md to add email --- SECURITY.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index c4af73e7..0c1342c7 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,7 +1,7 @@ # Reporting Security Issues -To report a security issue, please email -[example@email.com](mailto:example@email.com) +To report a security issue, please email [alex.gaynor@gmail.com](mailto:alex.gaynor@gmail.com) or +[lukasaoz@gmail.com](mailto:lukasaoz@gmail.com) with a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue. From b652e9204365a8f353b289b72d0f5d68bb86f06d Mon Sep 17 00:00:00 2001 From: Joyce Date: Mon, 20 Mar 2023 14:31:58 -0300 Subject: [PATCH 3/3] Disclose vulnerability on Github --- SECURITY.md | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 0c1342c7..efafe264 100644 
--- a/SECURITY.md +++ b/SECURITY.md @@ -1,11 +1,6 @@ # Reporting Security Issues -To report a security issue, please email [alex.gaynor@gmail.com](mailto:alex.gaynor@gmail.com) or -[lukasaoz@gmail.com](mailto:lukasaoz@gmail.com) -with a description of the issue, the steps you took to create the issue, -affected versions, and, if known, mitigations for the issue. +To report a security issue, please disclose it at [security advisory](https://github.com/certifi/python-certifi/security/advisories/new). + +We will respond within 7 working days of your submission. If the issue is confirmed as a vulnerability, we will open a Security Advisory and acknowledge your contributions as part of it. This project follows a 90 day disclosure timeline. -We will respond within 7 working days of your -email. If the issue is confirmed as a vulnerability, we will open a -Security Advisory and acknowledge your contributions as part of it. This project -follows a 90 day disclosure timeline.
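Review bot: In PATCH 1/3 the contact line of the new SECURITY.md is the placeholder `example@email.com`, so anyone reading the file at this commit is told to send vulnerability details to an address that is not the project's. Squash this with the commit that sets the real contact, or hold the file back until the channel is decided. In the same paragraph, "the steps you took to create the issue" would read more clearly as "the steps to reproduce the issue".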
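Review bot: PATCH 2/3 makes two personal mailboxes (`alex.gaynor@gmail.com` or `lukasaoz@gmail.com`) the only reporting channel, and the text does not say whether a reporter should write to one or both, so a report can sit with whichever maintainer is unavailable while the "7 working days" promise runs. Say "both" explicitly or point to a single shared channel. As a style point, the first added line holds the whole link plus "or" while the rest of the paragraph is wrapped short; rewrap it to match.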
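Review bot: The rewritten paragraph in PATCH 3/3 drops the request that the removed lines carried for "a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations", so reporters using the advisory form are no longer told what to include. Keep that sentence after the new link. The phrasing "please disclose it at [security advisory](...)" is also awkward, and "disclose" can be read as public disclosure; something like "please report it by opening a [security advisory](...)" is clearer. The response paragraph is now one long unwrapped line, unlike the wrapped text it replaces. The "90 day disclosure timeline" still does not say whether the clock starts at submission or at confirmation, which is worth stating while this text is being touched.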