Updated vulnerability alerting and reporting

jeffyactive · jeffyactive · commit c68a8f0537d9 · 2023-10-16T21:05:14.000-04:00
diff --git a/README.md b/README.md
@@ -149,8 +149,6 @@ Security
 
 Consult our [security policy](SECURITY.md) for best practices using this open source software and to report vulnerabilities.
 
-[![Known Vulnerabilities](https://snyk.io/test/github/reelyactive/advlib/badge.svg)](https://snyk.io/test/github/reelyactive/advlib)
-
 
 License
 -------
diff --git a/SECURITY.md b/SECURITY.md
@@ -4,24 +4,18 @@ Using reelyActive open source software securely
 If you're reading this, it is likely because you take open source software security seriously.  _Thank you!_
 
 
-Observe best practices
-----------------------
-
-We are currently compiling an open source software security best practices document.  Link to come.
-
-
 Keep up to date
 ---------------
 
-Unless otherwise specified, it is recommended to regularly update to the most recent version of this software package, and to review the security test results, ideally automating this process and including an alerting feature.
-
-Observe the [vulnerabilities badge](README.md#security) on the project README page and follow the link to consult independent test results by [snyk.io](https://snyk.io) of the latest commit.
+Unless otherwise specified, it is recommended to regularly update to the most recent version of this software package, and to review the security test results, including any [Dependabot alerts](https://docs.github.com/code-security/dependabot/dependabot-alerts) listed under the Security tab of this GitHub repository, ideally automating this process and including an alerting feature.
 
 
 Disclose a vulnerability
 ------------------------
 
-Should you discover a novel security issue or vulnerability, kindly __report your findings to security@reelyactive.com__, and provide sufficient detail to effectively address, if not resolve, the issue.  Kindly also provide a means of contact should additional detail be required, _and also so we can return our thanks!_
+Should you discover a novel security issue or vulnerability, kindly __report your findings privately__, either to __security@reelyactive.com__, or with the __Report a vulnerability__ feature under the Security tab of this GitHub repository.
+
+Kindly provide sufficient detail to effectively address, if not resolve, the issue, as well as a means of contact should additional detail be required, _and so that we may return our thanks!_
 
 
 These security guidelines were drafted by [the reelyActive team](https://www.reelyactive.com/team/) and we invite you to adapt them for your own projects under a [Creative Commons Attribution 4.0 International License](https://creativecommons.org/licenses/by/4.0/).
