From 221093b350cc59a907d90ba1fa92c9a776bc976a Mon Sep 17 00:00:00 2001 From: Andrew Lytvynov Date: Fri, 28 Jul 2023 11:46:51 -0700 Subject: [PATCH] Apply suggestions from code review Co-authored-by: Maya Kaczorowski <15946341+mayakacz@users.noreply.github.com> --- incident-disclosure/index.md | 2 -- incident-response/index.md | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/incident-disclosure/index.md b/incident-disclosure/index.md index 467e840..723baee 100644 --- a/incident-disclosure/index.md +++ b/incident-disclosure/index.md @@ -29,8 +29,6 @@ We will **notify users directly** about a security vulnerability when we can con * User action is needed to fix the vulnerability, and it is a critical or high impact vulnerability; or * We can confirm that tailnet metadata or data was visible to an unauthorized party. -We respond to reported incidents, and resolve and determine impact as soon as possible. We do not provide guarantees on time to remediate. - ### How we notify users To disclose security vulnerabilities, Tailscale publishes security bulletins publicly for a broad audience at [https://tailscale.com/security-bulletins/](https://tailscale.com/security-bulletins/). These can be consumed directly, via RSS readers or via social media bot accounts. diff --git a/incident-response/index.md b/incident-response/index.md index 6292e62..ce0a51e 100644 --- a/incident-response/index.md +++ b/incident-response/index.md @@ -42,6 +42,6 @@ Tailscale’s Security Review Team reviews and responds to potential third-party If a suspected incident is detected, it should be responded to following the [Incident response process](http://go/incident-response-process). -We respond to reported incidents, and resolve and determine impact as soon as possible. We do not provide guarantees on time to remediate. +We respond to reported incidents, and resolve and determine impact as soon as possible. We aim to remediate incidents as soon as possible. Confirmed incidents may be disclosed publicly per our [disclosure policy](/security-policies/incident-disclosure/).