From cb3e3e3f6576d39f4fd53eb670ca03a3fe9e0131 Mon Sep 17 00:00:00 2001
From: Rich Trott <rtrott@gmail.com>
Date: Sat, 26 Feb 2022 18:14:23 -0800
Subject: [PATCH 1/2] doc: remove reference to obsolete security program

The ecosystem security program via HackerOne is no longer a thing.
Remove mention of it from SECURITY.md.
---
 SECURITY.md | 12 ------------
 1 file changed, 12 deletions(-)

diff --git a/SECURITY.md b/SECURITY.md
index 8e5e3c4fe80815..ac1807a2483ea4 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -19,18 +19,6 @@ The Node.js project engages in an official bug bounty program for security
 researchers and responsible public disclosures.  The program is managed through
 the HackerOne platform. See <https://hackerone.com/nodejs> for further details.
 
-## Reporting a bug in a third party module
-
-Security bugs in third party modules should be reported to their respective
-maintainers and should also be coordinated through the Node.js Ecosystem
-Security Team via [HackerOne](https://hackerone.com/nodejs-ecosystem).
-
-Details regarding this process can be found in the
-[Security Working Group repository](https://github.com/nodejs/security-wg/blob/HEAD/processes/third_party_vuln_process.md).
-
-Thank you for improving the security of Node.js and its ecosystem. Your efforts
-and responsible disclosure are greatly appreciated and will be acknowledged.
-
 ## Disclosure policy
 
 Here is the security disclosure policy for Node.js

From 47a16b44be7365a8744484493c4c22adffda90a6 Mon Sep 17 00:00:00 2001
From: Rich Trott <rtrott@gmail.com>
Date: Sun, 27 Feb 2022 16:19:16 +0000
Subject: [PATCH 2/2] fixup! doc: remove reference to obsolete security program

---
 SECURITY.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/SECURITY.md b/SECURITY.md
index ac1807a2483ea4..b22301a1f1d556 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -19,6 +19,11 @@ The Node.js project engages in an official bug bounty program for security
 researchers and responsible public disclosures.  The program is managed through
 the HackerOne platform. See <https://hackerone.com/nodejs> for further details.
 
+## Reporting a bug in a third party module
+
+Security bugs in third party modules should be reported to their respective
+maintainers.
+
 ## Disclosure policy
 
 Here is the security disclosure policy for Node.js