From 7c5b2f2ca9dbb4bc2ff638fe09a11e332fb1123a Mon Sep 17 00:00:00 2001 From: Seth Michael Larson Date: Tue, 5 Sep 2023 17:31:55 -0500 Subject: [PATCH] Update security policy (#12254) Provide a link to the CNA/PSRT disclosure process. --- SECURITY.md | 11 +++++++++-- news/12254.process.rst | 1 + 2 files changed, 10 insertions(+), 2 deletions(-) create mode 100644 news/12254.process.rst diff --git a/SECURITY.md b/SECURITY.md index 4e423805a..e75a1c0de 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,3 +1,10 @@ -# Security and Vulnerability Reporting +# Security Policy -If you find any security issues, please report to [security@python.org](mailto:security@python.org) +## Reporting a Vulnerability + +Please read the guidelines on reporting security issues [on the +official website](https://www.python.org/dev/security/) for +instructions on how to report a security-related problem to +the Python Security Response Team responsibly. + +To reach the response team, email `security at python dot org`. diff --git a/news/12254.process.rst b/news/12254.process.rst new file mode 100644 index 000000000..e54690268 --- /dev/null +++ b/news/12254.process.rst @@ -0,0 +1 @@ +Added reference to `vulnerability reporting guidelines `_ to pip's security policy.
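Review bot: In the SECURITY.md hunk, the last added line gives the contact only as "security at python dot org", replacing the removed mailto link, so a reporter has to reconstruct the address by hand and a mistyped reconstruction could misdirect a sensitive report. If the obfuscation is deliberate, say in the same section that reports should go by email and not through a public issue, because the new "Reporting a Vulnerability" text does not say so itself and relies on the reader following the link to learn the process.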
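Review bot: In the news/12254.process.rst hunk, the single added line's reference "`vulnerability reporting guidelines `_" carries no target in angle brackets before the closing backtick, so as shown it is a named reference with nothing to resolve to. Give it the same target the SECURITY.md hunk links, https://www.python.org/dev/security/, so the changelog entry and the policy point at the same page.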