From 209dbb6f7c8c71a4c4d8e6220b2cab781c747687 Mon Sep 17 00:00:00 2001 From: Trent Nelson Date: Thu, 11 Mar 2021 18:34:44 -0700 Subject: [PATCH] sec: Create private repo as part of new advisory step --- SECURITY.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 547dc9286..ce4783b56 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -60,8 +60,9 @@ followed to contain, respond and remediate: ### 1. Establish a new draft security advisory In response to an email to security@solana.com, a member of the `solana-labs/admins` group will 1. Create a new draft security advisory for the incident at https://github.com/solana-labs/solana/security/advisories -2. Add the reporter's github user and the `solana-labs/security-incident-response` group to the draft security advisory -3. Respond to the reporter by email, sharing a link to the draft security advisory +1. Add the reporter's github user and the `solana-labs/security-incident-response` group to the draft security advisory +1. Create a private fork of the repository (grey button towards the bottom of the page) +1. Respond to the reporter by email, sharing a link to the draft security advisory ### 2. Triage Within the draft security advisory, discuss and determine the severity of the
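Review bot: In the `@@ -60,8 +60,9 @@` hunk, the added step "Create a private fork of the repository (grey button towards the bottom of the page)" locates the control only by colour and position, which stops being accurate as soon as the advisory page layout changes. Refer to the button by its label instead, and say that the page in question is the draft advisory created in the first step. The step also does not say what the fork is for or who gets access to it. The previous step names the reporter and `solana-labs/security-incident-response` as the advisory's collaborators, so one added sentence stating that the fix is developed in this fork and not in a public pull request would make the intent explicit. The commit subject says "private repo" while the step says "private fork", so pick one term. The switch from `2.`/`3.` to repeated `1.` renders the same in Markdown and is fine.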