# Brainstorming for Security Disclosures
## Modify Security Considerations in the EIP Itself
### Drawbacks
- Later security considerations are mixed with the original ones.
- No built-in tracking+display of _who_ created the consideration.
- Requires some kind of oversight to decide what to add to the EIP.
### Benefits
- Most visible. Right in the EIP itself.
- No tooling changes requires.
- Technically simple to implement.
## Apply a Warning Bubble to the EIP that Links to Disclosure EIP
### Drawbacks
- Not as visible as an inline security consideration.
- Requires some kind of oversight (or just let anyone publish).
### Benefits
- Clearly attribute disclosures to their authors.
- Doesn't require modifying a Final EIP.
- Smallish tooling change.
## Apply a Warning Bubble to the EIP that Links to Wiki
<!-- TODO -->
## Apply a Warning Bubble to the EIP that Links to external Security Audit report
### Drawbacks
- Requires to clearly define who is eligible to publish and link audit reports.
- Not as visible as an inline security consideration.
### Benefits
- Auditing organizations will most likely conduct security reviews of EIPs for free (for the sake of self-promotion if we allow linking their reports). Being presented in the EIP is a marketing opportunity for an auditing organizations.
- Clearly attribute disclosures to their author.
- Doesn't require modifying a Final EIP.