From ee840d4a4dedca66c9f37e82bf3dacc6452bf8fe Mon Sep 17 00:00:00 2001 From: Vinzent Steinberg Date: Sat, 1 Aug 2020 20:43:50 +0200 Subject: [PATCH] Add some minimal guideline about GHSA (#347) Fixes #345. --- CONTRIBUTING.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 92b275f..16ea8f4 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -19,6 +19,9 @@ Feel free to do either or both of these as you see fit (we recommend you do both 4. [Yank] the affected versions of the crate. 5. Request a CVE for your vulnerability: https://iwantacve.org/ + Alternatively, you can create a GitHub Security Advisory (GHSA) and let them request + a CVE for you. In this case, you can add the GHSA ID to the RustSec advisory via the + `aliases` field. ## Criteria
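Review bot: In the text added under step 5, "let them request a CVE for you" has no clear antecedent for "them"; naming GitHub explicitly ("let GitHub request a CVE for you") would remove the ambiguity. The new sentence also tells contributors to add the GHSA ID to the `aliases` field without showing what such an entry looks like, and it does not say what to do once the CVE has been assigned. A short sample entry with a placeholder ID, plus a note on whether the CVE ID should then be recorded in the advisory as well, would close that gap. Since step 5 already links https://iwantacve.org/ for the direct route, a matching link to GitHub's documentation on creating a security advisory would keep the two alternatives on equal footing.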