diff --git a/SECURITY.md b/SECURITY.md index c7499444a..8dc0be01b 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,5 +1,9 @@ -# Security Policy +# Reporting Security Vulnerabilities -## Reporting a Vulnerability +**If you believe you have discovered a security issue with VestaCP, please open a new private security vulnerability report through https://github.com/outroll/vesta/security/advisories/new. -Please report security issues to dev@vestacp.com +You can also report security vulnerabilities to [security@vestacp.com](mailto:security@vestacp.com), and we will create a new security advisory for tracking the fix on your behalf. + +We value the effort and contribution of independent security researchers and will credit security researchers in the release notes of the fix, on the following conditions: +- Vulnerabilities are not published publicly prior to the VestaCP releasing a fix; and +- Researchers provide at least 90 days to address the issue before disclosing it publicly. \ No newline at end of file
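Review bot: The added line `**If you believe you have discovered a security issue with VestaCP, ...` opens a bold span with `**` but never closes it, so the rest of the file will render with broken emphasis; either close it after `advisories/new.` or drop the leading `**`. Two smaller points in the same hunk: "prior to the VestaCP releasing a fix" should read "prior to VestaCP releasing a fix", and the file now ends with `\ No newline at end of file`, so a trailing newline after the final list item would keep the Markdown well-formed for tools that concatenate or lint it.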