diff --git a/SECURITY.md b/SECURITY.md
index 9faed7d..74fc016 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -12,9 +12,18 @@ The Weblate team takes security and related transparency very seriously.
 We welcome any peer review of our 100% open-source code to ensure nobody's Weblate
 is ever compromised or hacked.
 
-Information about practices for reporting and fixing security issues is described
-in [our documentation][1] and on [our page at HackerOne][2]. This ensures all
-vulnerabilities are solved securely, quickly, and transparently.
+If you think you have identified a security issue with a Weblate project, **do
+not open a public issue**.
+
+To responsibly report a security issue, please navigate to the Security tab for
+the repo and click “Report a vulnerability.”
+
+Be sure to include as much detail as necessary in your report. As with
+reporting normal issues, a minimal reproducible example will help the
+maintainers address the issue faster.
+
+More information about practices for reporting and fixing security issues is
+described in [our documentation][1]. This ensures all vulnerabilities are
+solved securely, quickly, and transparently.
 
 [1]: https://docs.weblate.org/en/latest/contributing/issues.html#security
-[2]: https://hackerone.com/weblate