doc: mention the anti-spam bypass in security.html

We had some issues with reports being marked as spam, so I added a
filter to never mark as spam something that mentions the word
"vulnerability". We get too much spam at that address to disable the
filter entirely, so instead meantion the bypass in the docs.

Change-Id: Idb4dabcf51a9dd8234a2d571cd020c970b0a582c
Reviewed-on: https://go-review.googlesource.com/c/go/+/205538
Reviewed-by: Katie Hockman <katie@golang.org>

diff --git a/doc/security.html b/doc/security.html
index b334963222ac05e57a83729fa0f08a0c4b4c0d81..172aea4bc7aeb6f573a32c9ad50fd229d6a0b2a5 100644 (file)
--- a/doc/security.html
+++ b/doc/security.html
@@ -24,7 +24,11 @@ For critical problems, you can encrypt your report using our PGP key (listed bel
 </p>
 
 <p>
-Please use a descriptive subject line for your report email.
+To ensure your report is not marked as spam, please include the word "vulnerability"
+anywhere in your email. Please use a descriptive subject line for your report email.
+</p>
+
+<p>
 After the initial reply to your report, the security team will endeavor to keep
 you informed of the progress being made towards a fix and full announcement.
 These updates will be sent at least every five days.