From 3e8699469b05e50f739b8191ee025d363d46f27e Mon Sep 17 00:00:00 2001 From: Dominic Couture Date: Tue, 14 Jan 2020 16:20:24 +0000 Subject: [PATCH] Add explicit mention to look for bypasses --- general/security/security-engineer.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/general/security/security-engineer.md b/general/security/security-engineer.md index 9afb32fc..0a6f4e1a 100644 --- a/general/security/security-engineer.md +++ b/general/security/security-engineer.md @@ -68,7 +68,7 @@ Quality Engineer notifies Security Engineer that the testing environments are re * The `pre.gitlab.com` environment. * Locally via the docker images of the built packages at https://dev.gitlab.org/gitlab/omnibus-gitlab/container_registry * i.e. `docker pull dev.gitlab.org:5005/gitlab/omnibus-gitlab/gitlab-ee:X.X.X-ee.0` - +* If a fix has known weaknesses (a cleaner long term solution is planned but cannot be implemented right now), try to find a flaw that would allow an attacker to bypass the current patch * Verify fixes on all backports on environments provided by Quality. * Once validated, assign the issue back to the release manager(s) and notify them that the fixes are ready to be published. -- GitLab
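Review bot: The new bullet replaces the blank line that separated the list of test environments from the verification steps, so it now reads as one more entry under "Locally via the docker images" rather than as a step of its own; keep the blank line and add the bullet at the top of the verification list, directly above "Verify fixes on all backports on environments provided by Quality." Minor wording: hyphenate "long-term" and end the item with a period to match the neighbouring bullets, e.g. "If a fix has known weaknesses (a cleaner long-term solution is planned but cannot be implemented right now), try to find a flaw that would allow an attacker to bypass the current patch." It would also help to say where the outcome of that bypass check is recorded (for example in the issue before it is assigned back to the release manager(s)), since the following step hands off "once validated" without stating what validated means for a known-weak fix.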