From a32ffb2d19535d63810869754e8ffe06aa3926b4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ulises=20Gasc=C3=B3n?= <ulisesgascongonzalez@gmail.com>
Date: Sun, 8 Feb 2026 18:22:56 +0100
Subject: [PATCH] blog: clarify contact method for low signal researchers
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Ulises Gascón <ulisesgascongonzalez@gmail.com>
---
 .../en/blog/announcements/hackerone-signal-requirement.md      | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/apps/site/pages/en/blog/announcements/hackerone-signal-requirement.md b/apps/site/pages/en/blog/announcements/hackerone-signal-requirement.md
index 34dd19dc1d551..1ef57657e779e 100644
--- a/apps/site/pages/en/blog/announcements/hackerone-signal-requirement.md
+++ b/apps/site/pages/en/blog/announcements/hackerone-signal-requirement.md
@@ -24,8 +24,7 @@ submissions.
 
 - **New researchers or researchers with [signal][Signal] >= 1.0**: You can continue reporting vulnerabilities through HackerOne as usual
 - **Those below the threshold**: You can still reach the security team through the
-  [OpenJS Foundation Slack](https://slack-invite.openjsf.org/). Contact us there to discuss potential
-  vulnerabilities
+  [OpenJS Foundation Slack](https://slack-invite.openjsf.org/) (channel: `#nodejs-security-wg` for help). Contact us directly using direct messages there to discuss potential vulnerabilities. You can find the users listed in [security release stewards](https://github.com/nodejs/node#security-release-stewards).
 
 ## About HackerOne Signal