doc: clarify reports are only evaluated on active versions

nodejs · Mar 31, 2023 · 064437a · 064437a
1 parent b74b9dd
commit 064437a
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -31,9 +31,10 @@ maintainers.
 Here is the security disclosure policy for Node.js
 
 * The security report is received and is assigned a primary handler. This
-  person will coordinate the fix and release process. The problem is confirmed
-  and a list of all affected versions is determined. Code is audited to find
-  any potential similar problems. Fixes are prepared for all releases which are
+  person will coordinate the fix and release process. The problem is validated
+  against all active Node.js versions. Once confirmed a list of all affected
+  versions is determined. Code is audited to find any potential similar
+  problems. Fixes are prepared for all releases which are
   still under maintenance. These fixes are not committed to the public
   repository but rather held locally pending the announcement.