blog: clarify contact method for low signal researchers

[UlisesGascon]

Ref: https://openjs-foundation.slack.com/archives/C03Q9MS3KFB/p1770571419056129

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
nodejs-org	Ready	Preview	Feb 8, 2026 5:24pm

[github-actions]

👋 Codeowner Review Request

The following codeowners have been identified for the changed files:

Team reviewers: @nodejs/releasers

Please review the changes when you have a chance. Thank you! 🙏

[Copilot]

Pull request overview

Updates an existing Node.js blog announcement to clarify how low-signal security researchers should contact the security team, making the guidance more actionable.

Changes:

• Specifies the OpenJS Foundation Slack channel (#nodejs-security-wg) to use for contacting the security team when below the HackerOne Signal threshold.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 74.89%. Comparing base (05fda2e) to head (f3685e6).
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #8613      +/-   ##
==========================================
- Coverage   74.95%   74.89%   -0.06%     
==========================================
  Files         103      103              
  Lines        9063     9063              
  Branches      312      313       +1     
==========================================
- Hits         6793     6788       -5     
- Misses       2268     2273       +5     
  Partials        2        2              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[RafaelGSS]

I guess we don't want them to disclose that in a public channel, instead we prefer to contact security release stewards directly.