From 54b2d022b91e98441128a596ea0eb052f02a36ca Mon Sep 17 00:00:00 2001 From: Nick Acosta <30478672+PubChimps@users.noreply.github.com> Date: Fri, 30 Jan 2026 14:03:09 -0800 Subject: [PATCH] Update vulnerability reporting instructions in SECURITY.md (#25651) Update instructions from email to GitHub report --- SECURITY.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 2e675d3326a..d496f84c60e 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -14,8 +14,8 @@ currently being supported with security updates. Reporting security issues -If you think you have found a security vulnerability, please send a report to security@open-metadata.org. This address can be used for all of OpenMetadata products. +If you think you have found a security vulnerability, please create a GitHub Security Advisory [here](https://github.com/open-metadata/OpenMetadata/security/advisories/new). This can be used for all of OpenMetadata products. -OpenMetadata will send you a response indicating the next steps in handling your report. After the initial reply to your report, the OpenMetadata team will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance. +The security advisory should be open in a draft mode. After the initial reply to your report, the OpenMetadata team will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance. Important: We ask you to not disclose the vulnerability before it have been fixed and announced, unless you received a response from the OpenMetadata team that you can do so.
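Review bot: The second added line, "The security advisory should be open in a draft mode.", replaces the sentence that promised a response with next steps, but the text that follows still begins "After the initial reply to your report", so the reader is no longer told that a reply will come or who sends it. Consider keeping a sentence saying the OpenMetadata team will respond with next steps. The draft instruction should also say who is expected to act, for example "Please leave the advisory in draft state while the team reviews it", if that is the intended meaning. In the first added line, the security@open-metadata.org address is removed without leaving any private channel for reporters who cannot file a GitHub advisory; say whether email is still accepted as a fallback. The link text "here" would be clearer as a descriptive label such as "new security advisory". While this paragraph is being edited, the unchanged context line "before it have been fixed" could be corrected to "has been fixed".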