From d5a4de2d98d31fe25b8420cd34d7f1591d234603 Mon Sep 17 00:00:00 2001 From: James Elliott Date: Sun, 19 Mar 2023 17:57:26 +1100 Subject: [PATCH] docs: misc fixes (#5088) --- SECURITY.md | 9 +++++++-- docs/content/en/information/contact.md | 7 ++++--- docs/content/en/policies/security.md | 9 +++++++-- 3 files changed, 18 insertions(+), 7 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index dd0c8fa2f..3b4bad816 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -66,8 +66,13 @@ with the `Core Team` role. 5. The vulnerability is patched, and if possible the user reporting the bug is given access to a fixed binary, docker image, and git patch. 6. The patch is confirmed to resolve the vulnerability. -7. The fix is released. -8. The [security advisory] is published sometime after users have had a chance to update. +7. The fix is released and users are notified that they should update urgently. +8. The [security advisory] is published when (whichever happens sooner): + - The CVE details are published by [MITRE], [NIST], etc. + - Roughly 7 days after users have been notified the update is available. + +[MITRE]: https://www.mitre.org/ +[NIST]: https://www.nist.gov/ ## Credit diff --git a/docs/content/en/information/contact.md b/docs/content/en/information/contact.md index 8d5fe7619..2a93d31f7 100644 --- a/docs/content/en/information/contact.md +++ b/docs/content/en/information/contact.md 
@@ -26,9 +26,10 @@ informational page. The [GitHub Discussions](https://github.com/authelia/authelia/discussions) forum is the correct location to discus anything that is not a bug or feature request such as: -- Ideas about -If you have a general question or want to discuss an idea that you're not entirely sure about out please visit -[GitHub Discussions](https://github.com/authelia/authelia/discussions) and start a new discussion. +- Ideas about future features where it's not clear most people can use it (allows users to vote on it) +- Questions / Support Requests +- Sharing configuration or utilization ideas (i.e. show your setup) for things that are not obvious +- Any issue you're experiencing that may or may not be a bug (i.e you're unsure if it's a bug) ### Issues diff --git a/docs/content/en/policies/security.md b/docs/content/en/policies/security.md index f3f45c2a7..4ada7ef6b 100644 --- a/docs/content/en/policies/security.md +++ b/docs/content/en/policies/security.md @@ -71,8 +71,13 @@ The core team members are identified in [Matrix](../information/contact.md#matri 5. The vulnerability is patched, and if possible the user reporting the bug is given access to a fixed binary, docker image, and git patch. 6. The patch is confirmed to resolve the vulnerability. -7. The fix is released. -8. The [security advisory] is published sometime after users have had a chance to update. +7. The fix is released and users are notified that they should update urgently. +8. The [security advisory] is published when (whichever happens sooner): + - The CVE details are published by [MITRE], [NIST], etc. + - Roughly 7 days after users have been notified the update is available. + +[MITRE]: https://www.mitre.org/ +[NIST]: https://www.nist.gov/ ## Credit
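Review bot: In the SECURITY.md hunk, the new step 8 makes the publication trigger ambiguous: "Roughly 7 days" and "[MITRE], [NIST], etc." leave both the deadline and the set of qualifying CVE publishers open, so a reporter or downstream packager cannot tell when the advisory becomes public. Consider stating a fixed window (for example "7 days after users have been notified") and listing the sources that count. Step 7 also says users "are notified" without naming the channel; since the 7-day clock in step 8 starts from that notification, the step should say where it is sent.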
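Review bot: In the docs/content/en/information/contact.md hunk, the added bullets use "i.e." where examples are given ("i.e. show your setup", "i.e you're unsure if it's a bug"); "e.g." is the intended abbreviation, and the second instance is also missing its period. The first bullet mixes number ("future features where it's not clear most people can use it"), which reads better as "use them" and "vote on them". The unchanged context line just above still has "discus anything", which could be corrected in the same pass since the commit is a docs fix.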
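Review bot: The docs/content/en/policies/security.md hunk repeats the SECURITY.md change word for word, including the [MITRE] and [NIST] link definitions, so the disclosure timeline now lives in two files that have to be edited in lockstep. If one copy is later changed without the other, reporters will see conflicting publication rules. Consider having one file defer to the other for steps 7 and 8, or adding a comment in both noting that the text must stay in sync. The wording points about "Roughly 7 days" and "etc." in step 8 apply here as well.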