minor wording, added mention of FIPS

Author: dghgit

Diff for: SECURITY.md

@@ -1,14 +1,17 @@
 # Security Policy
 
 ## Reporting a Vulnerability
+
 If you think that you have found a security vulnerability, please report it to this email address: [[email protected]](mailto:[email protected])
 
 Describe the issue including all details, for example: 
 * Short summary of the problem
 * Steps to reproduce
-* Affected product versions
+* Affected API versions
 * Logs if available 
 
-The Keyfactor team will send a response indicating the next steps in handling your report. You may be asked to provide additional information or guidance. 
+The Bouncy Castle team will send a response indicating the next steps in handling your report. You may be asked to provide additional information or guidance. 
+
+If the issue is confirmed as a vulnerability, we will open a Security Advisory and acknowledge your contributions as part of it. Optionally, you can have your name and contact information listed in [Contributors](https://www.bouncycastle.org/contributors.html) as well. 
 
-If the issue is confirmed as a vulnerability, we will open a Security Advisory and acknowledge your contributions as part of it. Optionally, you can have your name and contact information listed in [Contributors](https://www.bouncycastle.org/contributors.html). 
+Please note we endeavor to issue patched releases that deal with security issues as soon as they are made known to us, ideally prior to issuing a Security Advisory where otherwise possible. In some cases, particularly if it relates to a FIPS release, delays due to external processes may delay the issuing of a Security Advisory.