Blog: New HackerOne Signal Requirement for reports

Author: RafaelGSS

apps/site/pages/en/about/security-reporting.mdx

@@ -11,6 +11,12 @@ For more details on active Security Policies, checkout [this page](https://githu
 
 Report security bugs in Node.js via [HackerOne](https://hackerone.com/nodejs).
 
+> **Note:** Submitting a report through HackerOne requires a minimum
+> [Signal](https://docs.hackerone.com/en/articles/8369891-signal-impact) score of **1.0**.
+> If your Signal score is below this threshold, please reach out to the Node.js
+> security release stewards directly via the
+> [OpenJS Foundation Slack](https://slack-invite.openjsf.org/) instead.
+
 Normally, your report will be acknowledged within 5 days, and you'll receive
 a more detailed response to your report within 10 days indicating the
 next steps in handling your submission. These timelines may extend when