Update reporting guidelines. (#763)

Co-authored-by: Michał Krassowski <[email protected]>

.github/workflows/validate.yml

@@ -85,7 +85,9 @@ jobs:
            --check-links-ignore ".github/images/netlify-preview.png" \
            --check-links-ignore ".*help.medium.com.*" \
            --check-links-ignore "https://twitter.com/.*" \
-           --check-links-ignore "https://jupytercon.com"
+           --check-links-ignore "https://jupytercon.com" \
+           --check-links-ignore "https://www.netapp.com" \
+           --check-links-ignore "https://github.com/[^/]+/?$"   # 429 too many requests checking GitHub user profiles in about.html
 
   lighthouse:
 

index.html

@@ -213,7 +213,7 @@
     - href: https://www.nasa.gov
       src: NASA.svg
       alt: NASA
-    - href: https://www.netapp.com/us/
+    - href: https://www.netapp.com/
       src: netapp.svg
       alt: NetApp
     - href: https://www.linkedin.com/company/nsite-llc/about/

security.md

@@ -12,7 +12,11 @@ of security issues.
 ## Reporting vulnerabilities
 
 If you believe you've found a security vulnerability in a [Jupyter Subproject](https://jupyter.org/governance/list_of_subprojects.html),
-please report it to [[email protected]](mailto:[email protected]).
+you can either:
+ - directly open a GitHub Security Advisory (GHSA) in the relevant repository
+ - report it to [[email protected]](mailto:[email protected]) if opening a GHSA is not possible, or you are unsure
+   where it will belong.
+
 If you prefer to encrypt your security reports,
 you can use [this PGP public key](assets/ipython_security.asc).