From 0d1b6a7b1682f98839001287f5b4724f4a2ef154 Mon Sep 17 00:00:00 2001
From: William Woodruff <william@trailofbits.com>
Date: Wed, 31 Jan 2024 18:09:29 -0500
Subject: [PATCH] SECURITY: make conduct section, warn against weaponized PRs

Signed-off-by: William Woodruff <william@trailofbits.com>
---
 SECURITY.md | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/SECURITY.md b/SECURITY.md
index 3ef89aaf..721a60b0 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -39,10 +39,12 @@ The following do not constitute security vulnerabilities in Homebrew:
 - security vulnerabilities in software used by but not written by Homebrew
 - nominal clickjacking and similar attacks against our static, GitHub Pages websites
 
-While researching, we'd like to ask you to refrain from:
+## Conduct
+
+While researching, we ask you to refrain from:
 
 - Denial of service
 - Spamming
 - Social engineering (including phishing) of Homebrew maintainers or contributors
 - Any physical attempts against Homebrew's machines
-
+- Testing discoveries on Homebrew's CI/CD or other services by filing public PRs containing weaknesses