From 0fd4f2d0c801ece7a102927f1b9604b24936b8bd Mon Sep 17 00:00:00 2001
From: Rich Trott <rtrott@gmail.com>
Date: Fri, 19 Oct 2018 11:07:50 -0700
Subject: [PATCH] doc: revise security-reporting example text

Edit for simplicity and clarity.
---
 README.md | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/README.md b/README.md
index 5c5848313acf77..540c0ed18c899c 100644
--- a/README.md
+++ b/README.md
@@ -175,17 +175,15 @@ nonetheless.
 ### Public disclosure preferred
 
 - [#14519](https://github.com/nodejs/node/issues/14519): _Internal domain
-  function can be used to cause segfaults_. Causing program termination using
-  either the public JavaScript APIs or the private bindings layer APIs requires
-  the ability to execute arbitrary JavaScript code, which is already the highest
-  level of privilege possible.
+  function can be used to cause segfaults_. Requires the ability to execute
+  arbitrary JavaScript code. That is already the highest level of privilege
+  possible.
 
 - [#12141](https://github.com/nodejs/node/pull/12141): _buffer: zero fill
-  Buffer(num) by default_. The buffer constructor behavior was documented,
-  but found to be prone to [mis-use](https://snyk.io/blog/exploiting-buffer/).
-  It has since been changed, but despite much debate, was not considered misuse
-  prone enough to justify fixing in older release lines and breaking our
-  API stability contract.
+  Buffer(num) by default_. The documented `Buffer()` behavior was prone to
+  [misuse](https://snyk.io/blog/exploiting-buffer/). It has since changed. It
+  was not deemed serious enough to fix in older releases and breaking API
+  stability.
 
 ### Private disclosure preferred