From 00e02bda3aec6d592c2b92312a6ba0ec529d32fb Mon Sep 17 00:00:00 2001
From: Michael Dawson <mdawson@devrus.com>
Date: Tue, 1 Nov 2022 12:02:21 -0400
Subject: [PATCH] doc: allow for holidays in triage response

Signed-off-by: Michael Dawson <mdawson@devrus.com>

PR-URL: https://github.com/nodejs/node/pull/45267
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
---
 SECURITY.md | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/SECURITY.md b/SECURITY.md
index 57943ce969e20b..34740622bf543f 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -4,9 +4,11 @@
 
 Report security bugs in Node.js via [HackerOne](https://hackerone.com/nodejs).
 
-Your report will be acknowledged within 5 days, and you'll receive a more
-detailed response to your report within 10 days indicating the next steps in
-handling your submission.
+Normally your report will be acknowledged within 5 days, and you'll receive
+a more detailed response to your report within 10 days indicating the
+next steps in handling your submission. These timelines may extend when
+our triage volunteers are away on holiday, particularly at the end of the
+year.
 
 After the initial reply to your report, the security team will endeavor to keep
 you informed of the progress being made towards a fix and full announcement,