Added more details on resposible disclosure

ffdixon · ffdixon · commit 1f9e09018f95 · 2020-05-02T20:52:36.000-05:00
diff --git a/_posts/2015-04-05-faq.md b/_posts/2015-04-05-faq.md
@@ -191,7 +191,7 @@ After a (roughly) two week period in which no one has reported any issues for a
 
 BigBlueButton exists because many developers have contributed their time and expertise to its development.
 
-At first glance at the underlying architecture, BigBlueButton may seem complex, but it's not really once you get to know the system.  The BigBlueButton client is written in ActionScript.  The BigBlueButton server components are written in a combination of Java, Grails, and Scala.  You don't need to learn all these languages to help out, but you should be very comfortable programming in Java as ActionScript, Grails, and Scala are all similar to Java.
+At first glance at the underlying architecture, BigBlueButton may seem complex, but it's not really once you get to know the system.  The BigBlueButton client is written in Javascript.  The BigBlueButton server components are written in a combination of Java, Grails, and Scala.  You don't need to learn all these languages to help out, but you should be very comfortable programming in Java as JavaScript, Grails, and Scala are all similar to Java.
 
 Before you can contribute as a developer, you need to invest some time into understanding BigBlueButton's [architecture](/overview/architecture.html#architecture-overview), [components](/overview/architecture.html#overview), and how to setup a [development environment](/dev/setup.html).  The source code for BigBlueButton is hosted at [github](https://github.com/bigbluebutton/bigbluebutton), so you'll need to understand [how git works](http://git-scm.com/book) and the workflow for distributed software development.
 
@@ -270,10 +270,11 @@ For code written in Java, we follow the [Java Coding Convention](http://www.orac
 
 For documentation of code method -- especially those classes that provides an API to other classes -- should be documented using the [JavaDoc](http://www.oracle.com/technetwork/java/javase/documentation/index-137868.html) format.
 
-For Flex/ActionScript code, follow the [AsDoc](https://flex.apache.org/asdoc/) format.
-
 ## Where should I report potential security issues?
-You can email Fred Dixon, the product manager for BigBlueButton, at ffdixon .at. bigbluebutton .dot. org.
+If you think you've found a security issue with BigBlueButton, we ask that you do a [responsible disclosure](https://en.wikipedia.org/wiki/Responsible_disclosure) and e-mail us direclty at security .at. bigbluebutton .dot. org.
+
+We will respond to you quickly, work with you to examine the scope of the issue, and give priority to fixing it as soon as possible.  
+
 
 # Installation
 
