Update SECURITY.md because GitHub OSS policy does not yet use PVR

Bas Alberts · Bas Alberts · commit 8fd2af3e1321 · 2025-09-09T14:12:32.000-04:00
diff --git a/SECURITY.md b/SECURITY.md
@@ -8,10 +8,12 @@ Even though [open source repositories are outside of the scope of our bug bounty
 
 ## Reporting Security Issues
 
-If you believe you have found a security vulnerability in any GitHub-owned repository, please report it to us through coordinated disclosure using GitHub's [Private Vulnerability Reporting](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability)[here](https://github.com/GitHubSecurityLab/seclab-taskflow-agent/security).
+If you believe you have found a security vulnerability in any GitHub-owned repository, please report it to us through coordinated disclosure.
 
 **Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.**
 
+Instead, please send an email to opensource-security[@]github.com.
+
 Please include as much of the information listed below as you can to help us better understand and resolve the issue:
 
   * The type of issue (e.g., buffer overflow, SQL injection, or cross-site scripting)
