Commit 41f13a7

Author: Cristy
Commit message: improve security policy documentation
1 parent 40a39e6, commit 41f13a7

File tree

1 file changed, +2 -2 lines changed

SECURITY.md

+2-2
@@ -1,11 +1,11 @@
11
# Security Policy
22

3-
It is strongly recommended to establish a [security policy](https://legacy.imagemagick.org/script/security-policy.php) suitable for your local environment before utilizing ImageMagick. There is also a [development container](https://containers.dev/) available in the `.devcontainer/security` folder that can be used to verify that the security issue can be reproduced with the latest source code and the suggested security policy.
3+
Creating a [security policy](https://legacy.imagemagick.org/script/security-policy.php) that fits your specific local environment before making use of ImageMagick is highly advised.
44

55
## Supported Versions
66

77
We encourage users to upgrade to the latest ImageMagick release to ensure that all known security vulnerabilities are addressed. On request, we can backport security fixes to other ImageMagick versions.
88

99
## Reporting a Vulnerability
1010

11-
Before you post a vulnerability, first determine if the vulnerability can be mitigated by the security policy. ImageMagick, by default, is open. Use the security policy to add constraints to meet the requirements of your local security governance. If you feel confident that the security policy does not address the vulnerability, post the vulnerability as a [security advisory](https://github.com/ImageMagick/ImageMagick6/security/advisories/new). Most vulnerabilities are reviewed and resolved within 48 hours.
11+
Before you post a vulnerability, first determine if the vulnerability can be mitigated by a properly curated security policy. Frist, verify your policy using the [validation tool](https://imagemagick-secevaluator.doyensec.com/). Next, use a [development container](https://containers.dev/), available in the `.devcontainer/security` folder, to verify that the security issue can be reproduced with the latest source code and your security policy. If you feel confident that the security policy does not address the vulnerability, post the vulnerability as a [security advisory](https://github.com/ImageMagick/ImageMagick6/security/advisories/new). Most vulnerabilities are reviewed and resolved within 48 hours.
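Review bot: "Frist" in the 11+ line is a typo for "First", and that sentence then repeats the "first determine" that already opens the paragraph; suggest "Verify your policy using the [validation tool](...), then use a [development container](...) ..." so the two steps read as a sequence after the opening sentence. The 11- text that was dropped ("ImageMagick, by default, is open. Use the security policy to add constraints to meet the requirements of your local security governance.") is the only place the file explained why a policy is needed before reporting; consider keeping a one-line form of it next to "properly curated security policy". Also note that the development container sentence moved from the introduction (3-) down to the reporting section (11+), so a reader who only consults the first paragraph no longer learns the `.devcontainer/security` folder exists; if that is intended, fine, otherwise a short pointer in the introduction would help.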
