Update apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md

mcollina · web-flow · commit 1112eb4f8308 · 2025-04-22T21:42:46.000+02:00
Signed-off-by: Matteo Collina &lt;matteo.collina@gmail.com&gt;
diff --git a/apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md b/apps/site/pages/en/blog/vulnerability/march-2025-ci-incident.md
@@ -63,7 +63,7 @@ The existing CI system design anticipates potential compromises, recognizing the
 
 ## Volunteer Organization
 
-As a volunteer-driven organization, such security incidents significantly disrupt our operational capabilities. We **strongly recommend** that security researchers **avoid** unauthorized attempts to breach our systems. Instead, please coordinate responsibly through our official HackerOne program.
+As a volunteer-driven organization, we rely on people dedicating their time to work on unglamorous tasks, such as hardening CI, handling security reports, and assembling releases. Even good-faith research against our live systems could significantly disrupt our operations. As always, we welcome all sorts of contributions, including penetration testing. We ask researchers to give us a heads up on what they are attempting to do on live systems and to keep an auditable record of their actions through our HackerOne program or by contacting the Node.js Technical Steering Committee directly (tsc@iojs.org). More on that in our [SECURITY.md](https://github.com/nodejs/node/blob/main/SECURITY.md) file.
 
 ---
 

-Original file line number
+Diff line change
 ## Volunteer Organization
 -As a volunteer-driven organization, such security incidents significantly disrupt our operational capabilities. We **strongly recommend** that security researchers **avoid** unauthorized attempts to breach our systems. Instead, please coordinate responsibly through our official HackerOne program.
 +As a volunteer-driven organization, we rely on people dedicating their time to work on unglamorous tasks, such as hardening CI, handling security reports, and assembling releases. Even good-faith research against our live systems could significantly disrupt our operations. As always, we welcome all sorts of contributions, including penetration testing. We ask researchers to give us a heads up on what they are attempting to do on live systems and to keep an auditable record of their actions through our HackerOne program or by contacting the Node.js Technical Steering Committee directly ([email protected]). More on that in our [SECURITY.md](https://github.com/nodejs/node/blob/main/SECURITY.md) file.
 ---