From 459e54c8ce9d28b06801765671fc61d5a7361c4a Mon Sep 17 00:00:00 2001 From: Gerald Versluis Date: Thu, 9 Jan 2025 14:04:13 +0100 Subject: [PATCH 1/2] Move SECURITY.md to .github folder --- SECURITY.md => .github/SECURITY.md | 0 eng/pipelines/azure-pipelines-internal.yml | 1 - eng/pipelines/device-tests.yml | 2 -- eng/pipelines/handlers.yml | 2 -- eng/pipelines/maui-release.yml | 1 - eng/pipelines/ui-tests.yml | 2 -- 6 files changed, 8 deletions(-) rename SECURITY.md => .github/SECURITY.md (100%) diff --git a/SECURITY.md b/.github/SECURITY.md similarity index 100% rename from SECURITY.md rename to .github/SECURITY.md diff --git a/eng/pipelines/azure-pipelines-internal.yml b/eng/pipelines/azure-pipelines-internal.yml index 2d9200eedb2d..4b7a8ca2b31a 100644 --- a/eng/pipelines/azure-pipelines-internal.yml +++ b/eng/pipelines/azure-pipelines-internal.yml @@ -18,7 +18,6 @@ trigger: - LICENSE.TXT - PATENTS.TXT - README.md - - SECURITY.md - THIRD-PARTY-NOTICES.TXT schedules: diff --git a/eng/pipelines/device-tests.yml b/eng/pipelines/device-tests.yml index cbce9c2ef57f..9abc88f86e38 100644 --- a/eng/pipelines/device-tests.yml +++ b/eng/pipelines/device-tests.yml @@ -20,7 +20,6 @@ trigger: - LICENSE.TXT - PATENTS.TXT - README.md - - SECURITY.md - THIRD-PARTY-NOTICES.TXT pr: @@ -42,7 +41,6 @@ pr: - LICENSE.TXT - PATENTS.TXT - README.md - - SECURITY.md - THIRD-PARTY-NOTICES.TXT variables: diff --git a/eng/pipelines/handlers.yml b/eng/pipelines/handlers.yml index 4990e8b40544..90e51741b6c9 100644 --- a/eng/pipelines/handlers.yml +++ b/eng/pipelines/handlers.yml @@ -19,7 +19,6 @@ trigger: - LICENSE.TXT - PATENTS.TXT - README.md - - SECURITY.md - THIRD-PARTY-NOTICES.TXT pr: @@ -41,7 +40,6 @@ pr: - LICENSE.TXT - PATENTS.TXT - README.md - - SECURITY.md - THIRD-PARTY-NOTICES.TXT variables: diff --git a/eng/pipelines/maui-release.yml b/eng/pipelines/maui-release.yml index 693e4d1b89d9..4c16935441ff 100644 --- a/eng/pipelines/maui-release.yml +++ b/eng/pipelines/maui-release.yml 
@@ -18,7 +18,6 @@ trigger: - LICENSE.TXT - PATENTS.TXT - README.md - - SECURITY.md - THIRD-PARTY-NOTICES.TXT schedules: diff --git a/eng/pipelines/ui-tests.yml b/eng/pipelines/ui-tests.yml index 2401c51c8427..5e97a02b6765 100644 --- a/eng/pipelines/ui-tests.yml +++ b/eng/pipelines/ui-tests.yml @@ -19,7 +19,6 @@ trigger: - LICENSE.TXT - PATENTS.TXT - README.md - - SECURITY.md - THIRD-PARTY-NOTICES.TXT pr: @@ -39,7 +38,6 @@ pr: - LICENSE.TXT - PATENTS.TXT - README.md - - SECURITY.md - THIRD-PARTY-NOTICES.TXT variables: From 18238e00a5d788657fcde529cb3e738717c7789a Mon Sep 17 00:00:00 2001 From: Gerald Versluis Date: Thu, 9 Jan 2025 14:09:12 +0100 Subject: [PATCH 2/2] Updated SECURITY.md text --- .github/SECURITY.md | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/.github/SECURITY.md b/.github/SECURITY.md index 762ff98a9464..96d73bc27c22 100644 --- a/.github/SECURITY.md +++ b/.github/SECURITY.md 
@@ -1,20 +1,24 @@ - + ## Security -Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [many more](https://opensource.microsoft.com/). +Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet) and [Xamarin](https://github.com/xamarin). -If you believe you have found a security vulnerability in any Microsoft-owned repository that meets Microsoft's [definition](https://docs.microsoft.com/en-us/previous-versions/tn-archive/cc751383(v=technet.10)) of a security vulnerability, please report it to us as described below. +If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://aka.ms/security.md/definition), please report it to us as described below. ## Reporting Security Issues -**Please do not report security vulnerabilities through public GitHub issues.** Instead, please report them to the Microsoft Security Response Center at [secure@microsoft.com](mailto:secure@microsoft.com). If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://technet.microsoft.com/en-us/security/dn606155). 
+**Please do not report security vulnerabilities through public GitHub issues.** + +Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://aka.ms/security.md/msrc/create-report). + +If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com). If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://aka.ms/security.md/msrc/pgp). You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://www.microsoft.com/msrc). Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue: - * Type of issue (e.g., buffer overflow, SQL injection, cross-site scripting, etc.) + * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.) * Full paths of source file(s) related to the manifestation of the issue * The location of the affected source code (tag/branch/commit or direct URL) * Any special configuration required to reproduce the issue 
@@ -24,14 +28,14 @@ Please include the requested information listed below (as much as you can provid This information will help us triage your report more quickly. -Reports via MSRC may qualify for the .NET Core Bug Bounty. Details of the .NET Core Bug Bounty including terms and conditions are at https://aka.ms/corebounty. - +If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://aka.ms/security.md/msrc/bounty) page for more details about our active programs. + ## Preferred Languages We prefer all communications to be in English. ## Policy -Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://www.microsoft.com/en-us/msrc/cvd). +Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://aka.ms/security.md/cvd). - + \ No newline at end of file
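Review bot: every trigger/pr path-exclude hunk in patch 1 (eng/pipelines/azure-pipelines-internal.yml, device-tests.yml, handlers.yml, maui-release.yml, ui-tests.yml) removes `- SECURITY.md` without adding an entry for the file's new location, so a commit that only touches `.github/SECURITY.md` will now queue these pipelines unless `.github/` is already on each exclude list, which the hunk context does not show. Either add `- .github/SECURITY.md` next to `- README.md` in each list, or confirm in the PR description that a directory-level `.github` exclude already covers it.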
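Review bot: in the `@@ -1,20 +1,24 @@` hunk of .github/SECURITY.md the visible link text `https://msrc.microsoft.com/create-report` differs from its target `https://aka.ms/security.md/msrc/create-report`, so a reporter who copies the displayed URL and one who clicks it land on different addresses; use descriptive text such as `[the MSRC report form](https://aka.ms/security.md/msrc/create-report)` or make text and target identical, as the other links in this hunk do. Also note that dropping the `[many more](https://opensource.microsoft.com/)` link turns the list of GitHub organizations into an apparently exhaustive one; fine if intended, but worth a word in the commit message.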
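Review bot: in the `@@ -24,14 +28,14 @@` hunk the new final line is written without a trailing newline (`\ No newline at end of file`); add one so the next edit to the file does not show churn on the closing line. Separately, the repository-specific `.NET Core Bug Bounty` pointer (`https://aka.ms/corebounty`) is replaced by the generic `[Microsoft Bug Bounty Program](https://aka.ms/security.md/msrc/bounty)` page; if the .NET bounty still covers this repository, consider keeping a direct link to it in the new sentence so reporters do not have to search for the right program.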