# Brainstorming for Security Disclosures

## Modify Security Considerations in the EIP Itself

### Drawbacks

- Later security considerations are mixed with the original ones.
- No built-in tracking and display of _who_ created the consideration.
- Requires some kind of oversight to decide what to add to the EIP.

### Benefits

- Most visible. Right in the EIP itself.
- No tooling changes required.
- Technically simple to implement.

## Apply a Warning Bubble to the EIP that Links to Disclosure EIP

### Drawbacks

- Not as visible as an inline security consideration.
- Requires some kind of oversight (or just let anyone publish).

### Benefits

- Clearly attributes disclosures to their authors.
- Doesn't require modifying a Final EIP.
- Smallish tooling change.

## Apply a Warning Bubble to the EIP that Links to Wiki

<!-- TODO -->

## Apply a Warning Bubble to the EIP that Links to an External Security Audit Report

### Drawbacks

- Requires clearly defining who is eligible to publish and link audit reports.
- Not as visible as an inline security consideration.

### Benefits

- Auditing organizations will most likely conduct security reviews of EIPs for free (for the sake of self-promotion, if we allow linking their reports). Being presented in the EIP is a marketing opportunity for an auditing organization.
- Clearly attributes disclosures to their author.
- Doesn't require modifying a Final EIP.