[EDI] Configuring private vulnerability reporting for a repository (#59584)

Author: mchammer01

content/code-security/concepts/vulnerability-reporting-and-management/about-coordinated-disclosure-of-security-vulnerabilities.md

@@ -84,11 +84,16 @@ Private vulnerability reporting provides a secure, structured way for security r
 
 Without clear guidance on how to contact maintainers, security researchers may feel forced to disclose vulnerabilities publicly, such as by posting on social media, opening public issues, or contacting maintainers through informal channels, which can expose users to unnecessary risk. Private vulnerability reporting helps avoid these situations by offering a dedicated, private reporting workflow.
 
-For security researchers, private vulnerability reporting offers:
+For security researchers, the benefits of using private vulnerability reporting are:
 
-* Less frustration, and less time spent trying to figure out how to contact the maintainer.
-* A smoother process for disclosing and discussing vulnerability details.
-* The opportunity to discuss vulnerability details privately with the repository maintainer.
+* A clear, structured way to contact maintainers
+* A smoother process for disclosing and discussing vulnerability details
+* The ability to discuss vulnerability details privately with the repository maintainer
+* Reduced risk of vulnerability details being in the public eye before a fix is available
+
+For maintainers, the benefits of using private vulnerability reporting are:
+
+{% data reusables.security-advisory.private-vulnerability-reporting-benefits %}
 
 For more information for security researchers and repository maintainers, see [AUTOTITLE](/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability) and [AUTOTITLE](/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/managing-privately-reported-security-vulnerabilities), respectively.
 

content/code-security/how-tos/report-and-fix-vulnerabilities/configure-vulnerability-reporting/configuring-private-vulnerability-reporting-for-a-repository.md

@@ -15,14 +15,7 @@ redirect_from:
   - /code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository
 ---
 
-## About privately reporting a security vulnerability
-
-Security researchers often feel responsible for alerting users to a vulnerability that could be exploited. If there are no clear instructions about contacting maintainers of the repository containing the vulnerability, security researchers may have no other choice but to post about the vulnerability on social media, send direct messages to the maintainer, or even create public issues. This situation can potentially lead to a public disclosure of the vulnerability details.
-
-{% data reusables.security-advisory.private-vulnerability-reporting-overview %}
-
-For maintainers, the benefits of using private vulnerability reporting are:
-{% data reusables.security-advisory.private-vulnerability-reporting-benefits %}
+Enabling private vulnerability reporting gives security researchers a secure, structured way to disclose vulnerabilities directly in your repository. Once enabled, researchers can submit reports through  without resorting to public disclosure or informal channels. For background on private vulnerability reporting and how it fits into coordinated disclosure, see [AUTOTITLE](/code-security/concepts/vulnerability-reporting-and-management/about-coordinated-disclosure-of-security-vulnerabilities).
 
 The instructions in this article refer to enablement at repository level. For information about enabling the feature at organization level, see [AUTOTITLE](/code-security/security-advisories/working-with-repository-security-advisories/configuring-private-vulnerability-reporting-for-an-organization).
 

data/reusables/security-advisory/private-vulnerability-reporting-benefits.md

@@ -1,6 +1,4 @@
-* Less risk of being contacted publicly, or via undesired means.
-* Receive reports in the same platform you resolve them in for simplicity
-* The security researcher creates or at least initiates the advisory report on the behalf of maintainers.
-* Maintainers receive reports in the same platform as the one used to discuss and resolve the advisories.
-* Vulnerability less likely to be in the public eye.
-* The opportunity to discuss vulnerability details privately with security researchers and collaborate on the patch.
+* Receiving reports in the same platform where they are resolved
+* Security researchers creating or initiating the advisory report on behalf of maintainers
+* Reduced risk of vulnerabilities being in the public eye before a fix is available
+* The opportunity to discuss vulnerability details privately with security researchers and collaborate on the patch